Critical cPanel flaw mass-exploited in "Sorry" ransomware attacks

Summary

A critical vulnerability in cPanel, tracked as CVE-2026-41940, is being actively exploited by attackers to compromise websites and deploy the 'Sorry' ransomware. The flaw allows for unauthorized access, leading to data encryption and system disruption.

IFF Assessment

FOE

This vulnerability is being actively exploited in real-world attacks, posing a significant threat to defenders by allowing unauthorized access and ransomware deployment.

Severity

9.8 Critical

The CVSS score is estimated to be high due to the critical nature of the vulnerability, likely involving an easily exploitable attack vector (e.g., network attack, low complexity) with significant impacts on confidentiality, integrity, and availability, as evidenced by its mass exploitation for ransomware.

CISA KEV: Listed as actively exploited. Federal patch due: May 03, 2026. Known ransomware use: Unknown.

Defender Context

This vulnerability highlights the immediate threat posed by unpatched cPanel systems, as attackers are actively exploiting it for ransomware deployment. Defenders should prioritize patching or mitigating CVE-2026-41940 and monitor for any signs of compromise, especially ransomware activity originating from cPanel-accessed systems.
