The ACSC issued an advisory on active exploitation of a vulnerability (CVE-2026-4194) affecting cPanel and WebHost Manager administration interfaces — the control panels used to manage huge numbers of websites and hosting servers. It’s a textbook example of the systems that fall through the cracks: internet-facing, highly privileged, and often not part of anyone’s patch schedule because “the host looks after it.”

Control panels are attractive precisely because one compromise can reach many sites, mailboxes and databases. And like the edge-device story playing out across 2026, the entry point isn’t exotic — it’s an exposed admin interface that’s a version or two behind.

If you run cPanel/WHM anywhere — your own server, a reseller account, a legacy hosting box nobody’s logged into for a year — confirm it’s patched against this CVE, put the admin interface behind IP restrictions or a VPN rather than the open internet, and enforce MFA on it. Then add it to the inventory so it’s not a surprise next time.

What it means for your businessInternet-facing admin panels like cPanel/WHM are easy to forget and valuable to attackers. Patch CVE-2026-4194, restrict and MFA-protect the admin interface, and add it to your asset inventory.
Source & referenceACSC — Alerts and advisories ↑