Security Incident: cPanel/WHM Vulnerability (CVE-2026-41940)
Security Incident: cPanel/WHM Vulnerability (CVE-2026-41940)
Iperium is currently responding to a recently disclosed critical vulnerability in cPanel/WHM systems (CVE-2026-41940), which is being actively exploited in Australia as reported by the Australian Cyber Security Centre (ACSC).
What has happened
We have identified that some of our systems were impacted by this vulnerability. As soon as this was detected, we immediately initiated our incident response procedures to contain and remediate the issue.
What we're doing
Our team is actively working through the following actions:
- ✅ Applying all relevant security patches and updates
- ✅ Isolating and securing affected systems
- ✅ Conducting a full security review and forensic analysis
- ✅ Increasing monitoring across all services
- ✅ Restoring and validating services where required
What this means for you
- Some services may experience interruption or degraded performance while remediation is ongoing.
- At this stage, investigations are ongoing to determine the full scope of impact.
- If we identify that your specific service or data has been affected, we will contact you directly.
What you need to do
At this time:
- No immediate action is required from customers.
- As a precaution, we recommend updating any passwords associated with your hosting services once systems are fully restored.
Further updates
We will continue to provide updates as more information becomes available. For technical details on the vulnerability, please refer to the official advisory: ACSC Advisory — Active exploitation of cPanel/WHM critical vulnerability.
Our commitment
We take security extremely seriously and are committed to:
- Resolving this issue as quickly and safely as possible
- Maintaining transparency throughout the process
- Strengthening protections to prevent future incidents
We appreciate your patience and understanding while we work through this.
— The Iperium Team