Critical cPanel Authentication Bypass Vulnerability Exploited to Deploy Sorry Ransomware on Linux Servers

A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel and WHM is being actively exploited at scale to compromise internet-exposed hosting panels and deploy the "Sorry" ransomware on Linux servers. The exploitation volume is significant enough to warrant treating exposed systems as potentially compromised, even after patching. The flaw specifically targets cPanel and WHM control panels, which are widely used for web hosting management. No specific timeline or affected version range was provided, but the attack campaign is described as large-scale. The primary impact involves unauthorized control of servers and encryption of data via ransomware.