cPanel Is Patching Three New CVEs Today. Technical Details Come With the Fix.

Three new cPanel vulnerabilities, CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203, are being patched today at 12:00pm EST, with technical details withheld until the fix is live.

DirtyFrag: Any User Account Can Become Root on Most Linux Servers. The Exploit Is Public. There Is No Patch.

DirtyFrag, a Linux kernel local privilege escalation that gives any local user root access on Ubuntu, RHEL, Fedora, CentOS Stream, AlmaLinux, and openSUSE Tumbleweed, went fully public on May 8 after an embargo break, with no CVE assigned and no patches available for any affected distribution.

Apache 2.4.67 Patches 11 CVEs. One Is RCE. One Hits Shared Hosting.

Apache 2.4.67, released May 4, patches 11 CVEs including a CVSS 8.8 HTTP/2 remote code execution flaw and a shared hosting privilege escalation that lets customers read each other's files.

CVE-2026-41940 Live: cPanel Authentication Bypass, Active Exploitation, and What Comes Next

CVE-2026-41940, the cPanel authentication bypass exploited for 64 days before disclosure, is still developing. 44,000 servers likely compromised, a public exploit on GitHub, three active campaigns. This page is updated in real time as new information surfaces.

The cPanel Zero-Day Was Active for 64 Days Before Anyone Knew

CVE-2026-41940, the cPanel authentication bypass from April 28, had been exploited since February 23, operating as a zero-day for 64 days, and was added to CISA's Known Exploited Vulnerabilities list with 1.5 million internet-exposed instances counted by Rapid7.

Copy Fail: Any Local User Can Get Root on Nearly Every Linux System Since 2017

Copy Fail (CVE-2026-31431) is a Linux kernel privilege escalation giving any unprivileged local user root access, affecting virtually all distributions since 2017, with shared hosting and multi-tenant environments at highest risk.

cPanel Had an Authentication Bypass. Exploits Were Already in the Wild.

cPanel disclosed a critical authentication bypass on April 28 affecting nearly all versions of cPanel and WHM, with active exploits confirmed in the wild before the patch was released, forcing hosting.com, Namecheap, KnownHost, HostPapa, and InMotion Hosting to take cPanel access offline globally.

Four Tiers of OpenClaw Hosting. Three Have a Security Problem.

OpenClaw has 138 documented security advisories and a market fractured into four tiers, ranging from $3.85 managed VPS to NVIDIA's NemoClaw enterprise stack and Cloudflare's ephemeral-container proof-of-concept.

Vercel Confirmed Unauthorized Access to Its Internal Systems. A Threat Actor Is Offering the Stolen Data for $2 Million.

Vercel confirmed unauthorized access to its internal systems on April 19, 2026, while a threat actor claiming affiliation with ShinyHunters posted on BreachForums offering to sell the alleged dataset including GitHub tokens, NPM tokens, API keys, and source code for $2 million.

Flippa Promoted the Plugin Portfolio Sale as a Success Story. It Was a Supply Chain Attack.

Flippa celebrated the six-figure sale of the Essential Plugin portfolio; eight months later the buyer activated a backdoor across 20,000+ WordPress sites using Googlebot cloaking and a C2 routed through an Ethereum smart contract.