cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

thehackernews.com·May 11, 2026

Mr_Rot13 has exploited a critical vulnerability in cPanel (CVE-2026-41940) to deploy a backdoor called Filemanager, enabling remote attackers to gain elevated control through authentication bypass.

For a cybersecurity professional, the key insight is that the critical cPanel flaw CVE-2026-41940 is being actively exploited by threat actor Mr_Rot13 to deploy the Filemanager backdoor. Immediate action should be taken to patch this vulnerability to prevent authentication bypass and potential remote control by attackers, making it critical to prioritize patch management and monitor for signs of exploitation in environments deploying cPanel and WHM.

Want more content like this?

twixb tracks your favorite blogs and social media, filters by keywords, and delivers personalized key learnings — straight to your inbox.

Create Your Own →Explore Newsfeeds

More from Cybersecurity News

Recent stories curated alongside this one.

Browse all Cybersecurity News →

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

Want more content like this?

More from Cybersecurity News

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation

iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android

Linux bitten by second severe vulnerability in as many weeks

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation