cPanel Issues Second Emergency Patch After Ransomware Attack Compromised 44,000 Servers
By
Gustavo Gallas
22d ago· 7 min readenNews
79/100
Toasty
Bagelometer↗
Warm and crisp on the edges. A bagel with a bit of bite.
Score79TypenewsSentimentnegative
Summary
cPanel issued a second emergency security patch (TSR) on May 8, 2026, just ten days after a ransomware attack exploited CVE-2026-41940 to compromise 44,000 web hosting servers. The new patch addresses three additional vulnerabilities (CVE-2026-29201, CVE-2026-29202, CVE-2026-29203), two of which carry a CVSS score of 8.8 (High severity). This marks the second emergency patch from cPanel in a short span, highlighting ongoing security challenges for hosting platforms.
Key quotes
· 4 pulledIf you run a server with cPanel or WHM, you need to read this carefully.
On May 8, 2026 — just ten days after the cPanel CVE-2026-41940 authentication bypass was used to compromise 44,000 web hosting servers and deploy ransomware — cPanel quietly released a second emergency security patch.
Two of the three carry a CVSS score of 8.8. That puts them firmly in the High severity tier, one step below Critical.
This is the second Technical Security Release (TSR) in 10 days from cPanel.
If you run a server with cPanel or WHM, you need to read this carefully. On May 8, 2026 — just ten days after the cPanel CVE-2026-41940 authentication bypass was used to compromise 44,000 web hosting servers and deploy ransomware — cPanel quietly released
