A critical authentication bypass vulnerability in cPanel and WebHost Manager has been exploited in the wild since February, allowing unauthenticated attackers to gain full administrative control over affected systems. The flaw, tracked as CVE-2026-41940 with a severity score of 9.8, affects all versions after 11.40 and could compromise all websites on shared hosting servers, with roughly 1.5 million internet-accessible cPanel instances potentially vulnerable. Major hosting providers immediately blocked access to cPanel ports after disclosure to deploy emergency patches, and administrators are being urged to update immediately or use available detection scripts to check for signs of compromise.