CVE-2026-41940, the cPanel authentication bypass exploited for 64 days before disclosure, is still developing. 44,000 servers likely compromised, a public exploit on GitHub, three active campaigns. This page is updated in real time as new information surfaces.
CVE-2026-41940, the cPanel authentication bypass from April 28, was being exploited since February 23, operated as a zero-day for 64 days, and was added to CISA's Known Exploited Vulnerabilities list with 1.5 million internet-exposed instances counted by Rapid7.
Copy Fail (CVE-2026-31431) is a Linux kernel privilege escalation giving any unprivileged local user root access, affecting virtually all distributions since 2017, with shared hosting and multi-tenant environments at highest risk.
The gap in hosting has never been infrastructure. It has been ownership - who is responsible for the full stack once a system goes live. Servebolt and Crowd Favorite are closing that gap together.
Believe in what we're building?
Do you have a news that no one knows about yet? Send it to us, we'll introduce it to the whole world!
Sell or acquire a hosting company with expert guidance.
We connect sellers with 250+ verified buyers worldwide.
Private deals, real valuations, and full support – from strategy to closing.
