Critical cPanel Vulnerability Exploited in Southeast Asia Cyber Attacks
Severity: High (Score: 78.0)
Sources: Cybersecuritynews, Securityaffairs.Co
Summary
A sophisticated cyber campaign has exploited a critical cPanel vulnerability (CVE-2026-41940) to breach government and military servers in Southeast Asia, particularly targeting Indonesia. The attackers utilized a custom zero-day exploit chain to access sensitive information, exfiltrating over 4GB of documents related to Chinese railway projects. The vulnerability was published on April 29, 2026, and was actively exploited as of April 30, 2026. In addition to Indonesian targets, the campaign has also affected managed service providers (MSPs) in countries including the Philippines, Laos, Canada, and the U.S. The attack highlights the urgent need for organizations to patch this critical vulnerability to prevent further exploitation. Current assessments indicate that the threat remains active and evolving.
Key Points:
- CVE-2026-41940 is a critical cPanel vulnerability with a CVSS score of 9.8.
- Over 4GB of sensitive documents were exfiltrated from targeted servers.
- The attack impacts government and military organizations across Southeast Asia and beyond.
Key Entities
- Data Breach (attack_type)
- Zero-day Exploit (attack_type)
- Canada (country)
- Laos (country)
- Philippines (country)
- CVE-2026-41940 (cve)
- CWE-287 - Improper Authentication (cwe)
- Government (industry)
- T1041 - Exfiltration Over C2 Channel (mitre_attack)
- T1190 - Exploit Public-Facing Application (mitre_attack)
- cPanel (platform)