Recommendation from the Government Plenipotentiary for Cybersecurity – update of the cPanel and WebHost Manager (WHM) - Office of Electronic Communications

  1. Main page
  2. Newsroom
  3. Recommendation from the Government Plenipotentiary for Cybersecurity – update of the cPanel and WebHost Manager (WHM)
Recommendation from the Government Plenipotentiary for Cybersecurity – update of the cPanel and WebHost Manager (WHM)

Recommendation from the Government Plenipotentiary for Cybersecurity – update of the cPanel and WebHost Manager (WHM)

25 May 2026

The Plenipotentiary has recommended that entities of the national cybersecurity system immediately update the cPanel and WebHost Manager (WHM) software to the latest version or to a version, in which the critical vulnerability CVE-2026-41940 has been removed.

The vulnerability enables the circumvention  of authentication mechanisms and the remote execution of code.

The Plenipotentiary also recommends verification on whether the vulnerability has not been exploited using a dedicated script available on the manufacturer’s website.

The complete text of this recommendation is available at: https://www.gov.pl/web/cyfryzacja/pelnomocnik-rzadu-ds-cyberbezpieczenstwa-wydal-rekomendacje-podmiotom-krajowego-systemu-cyberbezpieczenstwa-wskazujaca-na-koniecznosc-bezzwlocznej-aktualizacji-oprogramowania-cpanel-oraz-webhost-manager-whm