PoC code for the cPanel authentication bypass is now circulating, enabling attackers to take full control of vulnerable web hosting servers without a password.
A severe authentication bypass vulnerability in cPanel is being actively exploited in the wild. Security researchers have confirmed the existence of a working proof of concept (PoC) that allows attackers to bypass login credentials and gain unauthorized administrative access to compromised web hosting panels. This zero day threat affects a wide range of cPanel versions and puts thousands of websites at immediate risk of takeover.
Vulnerability Details
The flaw resides in the authentication mechanism that cPanel uses to validate user sessions. By sending specially crafted requests, an attacker can circumvent the login process entirely without needing valid account credentials. This grants full administrative control over the affected cPanel instance, enabling actions such as modifying website files, extracting sensitive data, and installing persistent backdoors. The vulnerability has been assigned CVE 2026 12345 (placeholder: check cve.org for the official identifier as it has not yet been published).
Impact and Scope
cPanel is one of the most widely used web hosting control panels, powering millions of websites globally. Any hosting provider or individual server administrator running a vulnerable version is immediately exposed to full compromise. Attackers can use this access to deface websites, steal customer databases, inject malicious code, or pivot to other servers on the same network. Administrators are urged to apply the vendor supplied patch immediately and to review server logs for signs of unauthorized access attempts.
Urgent Mitigation Steps
All cPanel users should upgrade to the latest patched version without delay. Additionally, administrators should enable two factor authentication where possible, restrict administrative interface access to trusted IP addresses, and monitor for unusual activity such as unexpected login events or changes to user accounts. Until the patch is applied, consider temporarily disabling remote access to the cPanel login page to reduce the attack surface.
Source: Cyber Security News
