At myshophosting, the security of your websites, email, and data is always our top priority. We take a proactive approach to protecting our customers, and this week was no exception.

Our Response to CVE-2026-41940

On 28 April 2026, cPanel publicly disclosed a critical authentication bypass vulnerability (CVE-2026-41940, CVSS 9.8) affecting cPanel and WHM.

Here’s how we responded:

  • 29 April 2026 – 5:05 AM AEST: cPanel published initial security advisory
  • 29 April 2026 – 08:33 AM AEST: All myshophosting servers were fully patched
  • Ongoing: We continue to monitor and clean up residual scanning attempts

Result: No evidence of any successful compromise was found on any myshophosting server.

We will continue to monitor the situation and will provide follow up blog posts should they be required.

References:

https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026