Over 40,000 Servers Compromised in Ongoing cPanel Zero-Day Exploitation Campaign

Security researchers estimate over 40,000 servers have been compromised in ongoing attacks targeting CVE-2026-41940, a recently patched cPanel zero-day that allowed administrative access. The zero-day was allegedly exploited for months before a patch was released. cPanel is used by millions of web hosting providers globally, making this one of the largest server compromise campaigns of 2026.