Critical cPanel and WHM bug exploited as a zero-day, PoC now available

Related breach coverage

• Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months
  2026-04-30

  The authentication bypass flaw allows attackers to gain administrative access to vulnerable servers. The post Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months appeared first on SecurityWeek.

• cPanel, WHM emergency update fixes critical auth bypass bug
  2026-04-29

  A critical vulnerability affecting all but the latest versions of cPanel and the WebHost Manager (WHM) dashboard could be exploited to obtain access to the control panel without authentication. [...]

• CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure
  2026-04-29

  Attackers quickly exploited a critical LiteLLM flaw (CVE-2026-42208) to access and modify sensitive database data via SQL injection. Attackers rapidly exploited a critical vulnerability in LiteLLM Python package, tracked as CVE-2026-42208, just days after it became public. The vulnerability, an SQL injection in the proxy API key verification process, lets attackers access and potentially modify database […]

• All supported cPanel versions hit by critical auth bug, now patched
  2026-04-29

  cPanel fixed a critical authentication flaw that could let attackers access servers. The issue affects all supported versions. cPanel released security updates to address a critical authentication vulnerability that could allow attackers to gain unauthorized access to its control panel. The flaw affects all supported versions, raising serious risks for exposed servers. cPanel is a […]