Threat Actor Exploits Critical cPanel Vulnerability to Deploy Backdoor

A threat actor identified as Mr_Rot13 is actively exploiting a critical cPanel vulnerability (CVE-2026-41940) to deploy a backdoor named Filemanager on compromised systems. The flaw affects cPanel and WebHost Manager (WHM), enabling authentication bypass and granting remote attackers elevated control over the hosting environment. No specific dates for the vulnerability’s disclosure or exploitation timeline were provided. The attack leverages the unpatched flaw to establish persistent access, though further technical details of the backdoor’s functionality were not disclosed.