Critical cPanel Flaw CVE-2026-41940 Mass-Exploited in "Sorry" Ransomware Attacks

A newly disclosed cPanel vulnerability tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in “Sorry” ransomware campaigns. cPanel is a widely deployed web hosting control panel, so exploitation reaches across shared hosting providers and the sites they serve.

Attackers are leveraging the flaw to gain initial access to hosting environments before deploying ransomware payloads. Hosting providers and site operators running cPanel should apply available patches immediately and audit for signs of compromise. No further technical detail (CVSSv3 score, affected versions) was available in the feed summary at time of writing.