Update: cPanel Security Incident – Recovery Progress

We would like to provide an important update regarding the ongoing cPanel/WHM security incident (CVE-2026-41940)

Current Progress

As of now:

• Approximately 15% of all affected servers have been fully restored, upgraded, and secured.
• Over 30% of our reseller hosting servers have been successfully recovered and brought back online.
  
  

All restored systems have been:

• Upgraded to patched versions
• Fully rebuilt (OS reload) where required
• Security-hardened before reactivation

Due to the severity of the incident, we are not publishing specific server names publicly as part of our security policy.

 Why Recovery is Taking Time

This vulnerability is classified as critical (CVSS 9.8) and allows attackers to bypass authentication and gain administrative access without credentials.

Security researchers have confirmed:

• Active exploitation in the wild
• Potential for full server compromise including websites, databases, and configurations

Given the scale and risk, each server must go through a complete security validation process before being brought back online.

Our Recovery Approach

We are following a strict, security-first recovery process:

1. Isolation of affected systems
2. Full OS reload and environment rebuild
3. Upgrade to latest patched cPanel versions
4. Security hardening and access restrictions
5. Data validation and service testing
6. Controlled reactivation

This ensures that restored services are stable, secure, and not vulnerable to re-exploitation

 What This Means for Clients

• Services are being restored in phases, not all at once
• Priority is given to system integrity and security over speed
• Some services may take longer due to deeper validation requirements

Further Reading & Transparency

For full details on this incident and technical background, you may refer to:

• https://skynethelp.com/index.php?/News/NewsItem/View/493/critical-security-advisory-temporary-shutdown-of-cpanel-based-services
• https://skynethosting.net/blog/cpanel-hack-cve-2026-41940/](https://skynethosting.net/blog/cpanel-hack-cve-2026-41940
• https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940
• https://www.reddit.com/r/cpanel/comments/1syyajp/massive_cpanel_0day_auth_bypass_hits_web_hosting

Next Steps

Our teams are continuing to work around the clock to:

• Accelerate recovery across remaining servers
• Monitor for any suspicious activity
• Ensure all restored environments meet strict security standards

Ongoing Updates

We will continue to provide progress updates here:

•  https://skynethelp.com/index.php?/News/NewsItem/View/493/critical-security-advisory-temporary-shutdown-of-cpanel-based-services

We sincerely appreciate your continued patience and understanding as we work through this incident with the highest priority on security and service reliability.

SkyNetHosting.Net Inc.

Security & Infrastructure Team