Executive Summary

• A critical global vulnerability (CVE-2026-41940) has been identified in cPanel/WHM and is being actively exploited.
• The issue affects over 1.5 million servers globally, potentially impacting hundreds of millions of websites.
• As a precaution, all cPanel servers at SkyNetHosting.Net have been temporarily shut down.
• No confirmed compromise has been identified within our systems based on current assessments.
• Services will be restored only after full security verification and patching is complete.
• This is a global industry issue, and our actions are proactive measures to protect all client environments.
• At SkyNetHosting.Net, we operate with a clear principle: protect client systems first, restore services second.
• Following the disclosure of a critical vulnerability in cPanel & WHM (CVE-2026-41940), we have taken the deliberate decision to temporarily shut down all cPanel-based servers within our infrastructure.
• This action is preventive, controlled, and in the best interest of all clients.

 Incident Overview

A recently disclosed vulnerability in cPanel/WHM (CVE-2026-41940) has been classified as critical, with confirmed reports of active exploitation in the wild.

The vulnerability enables:

• Authentication bypass (unauthorized access without valid login credentials)
• Potential privileged-level control of affected servers
• Broad impact across multi-tenant hosting environments

Industry-wide assessments indicate that over 1.5 million cPanel servers may be exposed globally. Given that each server can host hundreds to thousands of websites, the potential impact extends to Hundreds of millions of websites worldwide.

This is a systemic software-level vulnerability, affecting hosting providers globally, irrespective of size or internal security standards.

Industry Context

This vulnerability has been widely reported and analyzed by leading cybersecurity firms and global security media, highlighting the severity and urgency of the situation.

• Rapid7 : Critical cPanel & WHM Authentication Bypass (CVE-2026-41940)
• Labs @ WatchTowr : The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940)
• BleepingComputer : Critical cPanel bug exploited as zero-day before patch release
• SecurityWeek : cPanel vulnerability exploited as zero-day for months
• Bitsight : Critical vulnerability alert: cPanel WHM authentication bypass

Key findings from these reports include:

• CVSS 9.8 (critical severity rating)
• Active exploitation in the wild
• No authentication required for attack
• Potential full administrative control of servers

Given the widespread adoption of cPanel, this is considered one of the most impactful control panel–level security incidents in recent times.

Risk in Shared Hosting Environments

In cPanel-based shared hosting architectures, a successful exploit at the control panel layer may allow attackers to:

• Access or manipulate website files and databases
• Compromise email systems and credentials
• Inject malicious code or redirect traffic
• Leverage servers for spam or coordinated attacks

Given the multi-account nature of shared hosting, a single compromised server can have cascading effects across multiple client environments.

Our Decision: Full Shutdown of cPanel Servers

After internal risk evaluation, we have elected to:

• Fully shut down all cPanel servers as a precautionary measure

This approach ensures:

• Reduced exposure window during active exploitation
• Reduce containment of potential attack vectors
• Maximum protection of client data integrity

While this results in temporary service interruption, it reflects a security-first operating model aligned with best practices for high-severity incidents.

Responsibility & Transparency

We want to state this clearly:

• This issue originates from a 3rd party software vulnerability within cPanel/WHM and is affecting hosting providers globally
• It originates from a core vulnerability within cPanel/WHM software
• It is affecting hosting providers globally across all regions

At present:

• At this time, our investigations are ongoing, and we are actively reviewing all systems as part of our security assessment
• All actions taken are proactive and aligned with industry best practices for risk mitigation under active threat conditions

Remediation & Ongoing Actions

Our engineering and security teams are actively engaged in:

• Deploying official vendor patches and verified updates and reload/reboot server as needed.
• Conducting comprehensive system integrity audits
• Reviewing logs and access patterns for anomalies
• Implementing additional hardening controls and access restrictions

Systems will only be brought back online once they meet our internal security clearance standards.

Service Restoration

Service restoration will proceed in a phased and controlled manner once:

• All affected systems are fully patched
• Security validation checks are completed
• Residual risk is reduced to an acceptable level

Our approach prioritizes long-term system integrity over short-term availability

Strategic Outlook

This event reinforces the importance of continuous infrastructure evolution.

SkyNetHosting.Net is actively:

• Diversifying control panel dependencies
• Strengthening multi-layered security architecture
• Enhancing resilience against platform-level vulnerabilities

Client Commitment

We recognize the impact of this temporary disruption and sincerely appreciate your patience.

Our responsibility extends beyond uptime — it includes ensuring that your systems remain:

• Secure, stable, and uncompromised
• We will continue to provide updates as progress is made.

Support Channels

For urgent matters, our support teams remain available via:

•  Live Chat
• Support Tickets

We appreciate your patience and understanding as we work through this situation with the highest priority on security and system integrity.

We will continue to monitor developments closely and provide all updates on this page as new information becomes available.

Update: cPanel Security Incident – Recovery Progress

We would like to provide an important update regarding the ongoing cPanel/WHM security incident (CVE-2026-41940)

Current Progress

As of now:

• Approximately 15% of all affected servers have been fully restored, upgraded, and secured.
• Over 30% of our reseller hosting servers have been successfully recovered and brought back online.
  
  

All restored systems have been:

• Upgraded to patched versions
• Fully rebuilt (OS reload) where required
• Security-hardened before reactivation

Due to the severity of the incident, we are not publishing specific server names publicly as part of our security policy.

 Why Recovery is Taking Time

This vulnerability is classified as critical (CVSS 9.8) and allows attackers to bypass authentication and gain administrative access without credentials.

Security researchers have confirmed:

• Active exploitation in the wild
• Potential for full server compromise including websites, databases, and configurations

Given the scale and risk, each server must go through a complete security validation process before being brought back online.

Our Recovery Approach

We are following a strict, security-first recovery process:

1. Isolation of affected systems
2. Full OS reload and environment rebuild
3. Upgrade to latest patched cPanel versions
4. Security hardening and access restrictions
5. Data validation and service testing
6. Controlled reactivation

This ensures that restored services are stable, secure, and not vulnerable to re-exploitation

 What This Means for Clients

• Services are being restored in phases, not all at once
• Priority is given to system integrity and security over speed
• Some services may take longer due to deeper validation requirements

Further Reading & Transparency

For full details on this incident and technical background, you may refer to:

• https://skynethelp.com/index.php?/News/NewsItem/View/493/critical-security-advisory-temporary-shutdown-of-cpanel-based-services
• https://skynethosting.net/blog/cpanel-hack-cve-2026-41940/](https://skynethosting.net/blog/cpanel-hack-cve-2026-41940
• https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940
• https://www.reddit.com/r/cpanel/comments/1syyajp/massive_cpanel_0day_auth_bypass_hits_web_hosting

Next Steps

Our teams are continuing to work around the clock to:

• Accelerate recovery across remaining servers
• Monitor for any suspicious activity
• Ensure all restored environments meet strict security standards

Ongoing Updates

We will continue to provide progress updates here:

•  https://skynethelp.com/index.php?/News/NewsItem/View/493/critical-security-advisory-temporary-shutdown-of-cpanel-based-services

We sincerely appreciate your continued patience and understanding as we work through this incident with the highest priority on security and service reliability.

SkyNetHosting.Net Inc.

Security & Infrastructure Team