On April 28, 2026, cPanel disclosed a critical authentication vulnerability in cPanel and WHM affecting nearly all known versions, including end-of-life releases. The flaw allowed authentication bypass at the login level, meaning an attacker could access a WHM or cPanel interface without valid credentials. KnownHost, one of the first providers to publicly respond, confirmed that “successful exploits … Continue reading cPanel Had an Authentication Bypass. Exploits Were Already in the Wild.