Hackers are actively exploiting a bug in cPanel, used by millions of websites

Web hosts are scrambling to fix the bug under active attack by hackers. One company said hackers have been abusing the bug for months.
The Hacker News

CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation

CISA added CVE-2026-54420 to KEV, requiring federal agencies to patch LiteSpeed cPanel root escalation by June 18, 2026.
heise online

cPanel/WHM: Unauthorized access to web server configuration tool possible

Attackers can exploit a “critical” security vulnerability in the cPanel and WebHost Manager (WHM) web server administration software to gain unauthorized access. So far, there are no reports of ...