cPanel Authentication Bypass Exposes the Growing Risk of Identity-Centric Attacks
Barracuda Networks Blog, Monday, May 11th, 2026
CVE-2026-41940 authentication bypass in cPanel enables remote admin access and highlights identity as the new attack surface.
Barracuda Networks details CVE-2026-41940, an authentication bypass in cPanel and WebHost Manager that allows unauthenticated attackers to gain administrative access to web servers. The vulnerability was exploited in the wild before public disclosure, leading to both opportunistic ransomware campaigns (including the "Sorry" strain affecting over 40,000 IPs) and targeted intrusions against government and MSP infrastructure.
The incident demonstrates how attackers chain commodity vulnerabilities with automation and AI to achieve rapid exploitation at scale. It also reveals broader identity hygiene and visibility problems in managed platforms, problems that extend beyond cPanel to third-party integrations and shared security models.