Affected by cPanel CVE-2026-41940
Hello,
After receiving the cPanel CVE-2026-41940 notification, I attempted to update my server immediately. The update process became stuck at 17% and stayed there for hours without progressing.
The server was later compromised. Files were encrypted with the “.sorry” extension and a ransom note was left on the system asking for contact through qTox.
Based on this experience, I strongly recommend that administrators who cannot update successfully should shut down or isolate their servers immediately, or at least block public access to cPanel/WHM/Webmail ports 2083, 2087, 2095, and 2096, until cPanel provides a reliable resolution and the system can be safely patched or rebuilt.
If the update hangs, do not assume you are protected. Treat the server as still exposed.
-
Thanks for sharing this - yes, for servers that can't successfully update, closing the ports is the best mitigation method.
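A way to confirm that the port block recommended in this thread actually took effect, as an added example that is not part of the original posts or cPanel's own tooling. The function names and the `SAMPLE` listing are constructed for illustration; `public_listeners` reads `ss -H -tln` output captured on the server, and `reachable` is meant to be run from a machine outside the server against your own host.

```python
import ipaddress
import socket

# Ports named in the post: cPanel (2083), WHM (2087), Webmail (2095, 2096).
CPANEL_PORTS = (2083, 2087, 2095, 2096)

def public_listeners(ss_output, ports=CPANEL_PORTS):
    """Return sorted ports from `ss -H -tln` output bound to a non-loopback address."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in ports:
            continue
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        try:
            if ipaddress.ip_address(host).is_loopback:
                continue  # reachable only from the server itself
        except ValueError:
            pass  # "*" or an unparsable address: count it as public
        found.add(int(port))
    return sorted(found)

def reachable(host, ports=CPANEL_PORTS, timeout=3.0):
    """Return the ports on `host` that accept a TCP connection from this machine."""
    open_ports = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                open_ports.append(port)
        except OSError:
            pass  # refused, filtered or timed out: not reachable from here
    return open_ports

# Constructed sample of `ss -H -tln` output, not taken from a real server.
SAMPLE = """\
LISTEN 0 128 0.0.0.0:2087 0.0.0.0:*
LISTEN 0 128 127.0.0.1:2083 0.0.0.0:*
LISTEN 0 128 [::]:2096 [::]:*
LISTEN 0 128 *:2095 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""

if __name__ == "__main__":
    print("listening on non-loopback addresses:", public_listeners(SAMPLE))
```

A port that `public_listeners` reports is protected only by the firewall, so the block counts as effective when `reachable` returns an empty list from outside.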