Critical cPanel Vulnerability CVE-2026-41940 Mass-Exploited in "Sorry" Ransomware Attacks

A critical cPanel vulnerability tracked as CVE-2026-41940 is being mass-exploited to compromise websites and deploy "Sorry" ransomware, encrypting victim data. The flaw allows attackers to breach systems through unpatched cPanel installations, though specific technical details of the exploit mechanism remain undisclosed. No exact timeline for the attacks or initial disclosure date was provided, but active exploitation is confirmed. The impact includes unauthorized access, data encryption, and potential ransom demands targeting affected web hosting environments. The attacks highlight the risks of unpatched control panel software in web infrastructure.