We have received some inquiries about a recent attack and vulnerability that is in just about every single release of the cPanel web control panel management interface. In short, we do not use it.
A critical security vulnerability (CVE-2026-41940) was disclosed this week which affects every version of cPanel after version 11.40. cPanel (“control panel”) one of the most widely-used web hosting control panels that allows one to manage some aspects of a server using a web interface. This flaw allows an attacker to bypass authentication entirely and gain full administrative access to any server running the software with no valid credentials required.
Several sites are being locked out with a ransomware demand to be paid to have their cPanel access restored.
WMD does not use cPanel, WHM nor any other assistive layer for managing our services. Our servers are managed directly via the command line on hardened AlmaLinux, Debian, RockyLinux and in some cases Ubuntu instances, which means there is no cPanel attack surface to exploit. Your sites are not affected.
If you have assets hosted elsewhere and are unsure whether cPanel is in use at that location we happy to help you check. Just ask!
Thank you for your trust in us.
Photo by Stephen Phillips – Hostreviews.co.uk on Unsplash