{"id":5632,"date":"2026-05-03T14:50:28","date_gmt":"2026-05-03T18:50:28","guid":{"rendered":"https:\/\/www.canspace.ca\/blog\/?p=5632"},"modified":"2026-05-03T14:50:28","modified_gmt":"2026-05-03T18:50:28","slug":"cpanel-auth-bypass-copy-fail-cve-2026","status":"publish","type":"post","link":"https:\/\/www.canspace.ca\/blog\/security\/cpanel-auth-bypass-copy-fail-cve-2026\/","title":{"rendered":"Two critical CVEs hit hosting infrastructure: cPanel auth bypass and Linux Copy Fail"},"content":{"rendered":"<p>The week of April 28 brought two unusually severe vulnerabilities in the same software stack that runs most of the web hosting industry. One is a critical authentication bypass in cPanel and WHM, the control panel running on roughly 1.5 million internet-facing servers. The other is a Linux kernel flaw, named &#8220;Copy Fail,&#8221; that gives any unprivileged local user a reliable path to root on essentially every Linux distribution shipped since 2017.<\/p>\n<p>Both were disclosed within 24 hours of each other. Both have working public exploits. Both affect the same set of servers. Here is what each one does, what the timeline looked like, and why the combination is unusual.<\/p>\n<h2>CVE-2026-41940: cPanel and WHM authentication bypass<\/h2>\n<p>The cPanel vulnerability is an authentication bypass via CRLF (carriage-return \/ line-feed) injection. In short: an attacker sends a specially crafted login request to cPanel&#8217;s web interface, and the server writes attacker-controlled values into a session file as if the attacker had authenticated. The injected session can then be replayed to gain root-level access to the server.<\/p>\n<p>The technical chain is more involved (it abuses both how cPanel handles malformed cookies, skipping encryption, and how the session writer fails to sanitise newline characters in the password field), but the end result is that an unauthenticated attacker on the internet can take over a cPanel host with a single HTTP request. CVSS 9.8.<\/p>\n<p>Timeline:<\/p>\n<ul>\n<li><strong>February 23, 2026<\/strong>: First in-the-wild exploitation observed. The vulnerability had been actively exploited for roughly two months before public disclosure.<\/li>\n<li><strong>April 28, 2026<\/strong>: cPanel published a <a href=\"https:\/\/support.cpanel.net\/hc\/en-us\/articles\/40073787579671-cPanel-WHM-Security-Update-04-28-2026\" target=\"_blank\" rel=\"noopener\">security advisory<\/a> and released patched builds across all supported branches.<\/li>\n<li><strong>April 29, 2026<\/strong>: CISA added the CVE to its <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-41940\" target=\"_blank\" rel=\"noopener\">Known Exploited Vulnerabilities catalog<\/a>.<\/li>\n<li><strong>Late April<\/strong>: <a href=\"https:\/\/labs.watchtowr.com\/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940\/\" target=\"_blank\" rel=\"noopener\">watchTowr Labs<\/a> and others published technical writeups and proof-of-concept exploits.<\/li>\n<\/ul>\n<p>Around 1.5 million cPanel\/WHM instances are exposed to the internet. After the patch dropped, scanning IPs ramped up sharply: the Shadowserver Foundation reported tens of thousands of unique sources probing cPanel ports within days. Coverage from <a href=\"https:\/\/thehackernews.com\/2026\/04\/critical-cpanel-authentication.html\" target=\"_blank\" rel=\"noopener\">The Hacker News<\/a> and <a href=\"https:\/\/www.helpnetsecurity.com\/2026\/04\/30\/cpanel-zero-day-vulnerability-cve-2026-41940-exploited\/\" target=\"_blank\" rel=\"noopener\">Help Net Security<\/a> tracks the broader picture.<\/p>\n<p>Patched cPanel versions, per the official advisory, are 11.86.0.41, 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.130.0.19, 11.132.0.29, 11.134.0.20, 11.136.0.5, and WP Squared 11.136.1.7. Anything older than 11.86.0.41, or on a branch not in this list, is unpatched.<\/p>\n<h2>CVE-2026-31431: &#8220;Copy Fail&#8221;<\/h2>\n<p>The Linux kernel vulnerability is a logic bug in the AF_ALG userspace cryptography interface, specifically the <code>algif_aead<\/code> and <code>authencesn<\/code> modules. The disclosure (and the project nickname) came from researchers at Theori, who published a project page and a working exploit at <a href=\"https:\/\/copy.fail\" target=\"_blank\" rel=\"noopener\">copy.fail<\/a>.<\/p>\n<p>The bug: a 2017 in-place optimisation in the kernel let user-controlled data be placed into a writable page-cache scatterlist. By chaining an AF_ALG socket with <code>splice()<\/code>, an unprivileged local user can perform a deterministic 4-byte write to any readable file&#8217;s page-cache page, including setuid binaries like <code>\/usr\/bin\/su<\/code>. Edit four bytes of <code>su<\/code> to call a different syscall, run <code>su<\/code>, get a root shell. The complete public exploit fits in 732 bytes of Python.<\/p>\n<p>Timeline:<\/p>\n<ul>\n<li><strong>July 2017<\/strong>: The optimisation that introduced the bug landed in the Linux kernel. Every kernel since has been vulnerable.<\/li>\n<li><strong>April 1, 2026<\/strong>: The fix was committed to mainline, reverting the optimisation.<\/li>\n<li><strong>April 22, 2026<\/strong>: The kernel CVE was published privately to distribution security teams via the <a href=\"https:\/\/lore.kernel.org\/linux-cve-announce\/2026042214-CVE-2026-31431-3d65@gregkh\/\" target=\"_blank\" rel=\"noopener\">linux-cve-announce<\/a> list.<\/li>\n<li><strong>April 29, 2026<\/strong>: Public disclosure on the <a href=\"https:\/\/www.openwall.com\/lists\/oss-security\/2026\/04\/29\/23\" target=\"_blank\" rel=\"noopener\">oss-security mailing list<\/a>. A working exploit appeared on <a href=\"https:\/\/github.com\/theori-io\/copy-fail-CVE-2026-31431\" target=\"_blank\" rel=\"noopener\">GitHub<\/a> the same day.<\/li>\n<\/ul>\n<p>Practically every Linux server, container host, and desktop running a kernel from the last eight years is affected. That includes all current Red Hat \/ AlmaLinux \/ Rocky \/ CentOS, Ubuntu, Debian, SUSE, and CloudLinux releases. The impact is local privilege escalation only (you need to already be on the system to exploit it), but in any environment with multiple users (shared hosting, multi-tenant containers, CI\/CD runners), that bar is low.<\/p>\n<p>Vendor advisories have come from <a href=\"https:\/\/access.redhat.com\/security\/cve\/cve-2026-31431\" target=\"_blank\" rel=\"noopener\">Red Hat<\/a>, <a href=\"https:\/\/ubuntu.com\/blog\/copy-fail-vulnerability-fixes-available\" target=\"_blank\" rel=\"noopener\">Ubuntu<\/a>, <a href=\"https:\/\/blog.cloudlinux.com\/cve-2026-31431-copy-fail-mitigation-and-patches\" target=\"_blank\" rel=\"noopener\">CloudLinux<\/a>, and <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/05\/01\/cve-2026-31431-copy-fail-vulnerability-enables-linux-root-privilege-escalation\/\" target=\"_blank\" rel=\"noopener\">Microsoft<\/a>. The <a href=\"https:\/\/www.sysdig.com\/blog\/cve-2026-31431-copy-fail-linux-kernel-flaw-lets-local-users-gain-root-in-seconds\" target=\"_blank\" rel=\"noopener\">Sysdig technical writeup<\/a> walks through the exploit chain in detail. KernelCare livepatches landed on April 30 and rolled to the main feed within 48 hours; distributions without a livepatch system require a kernel update and a reboot.<\/p>\n<h2>Why this combination matters<\/h2>\n<p>Two CVEs in the same week affecting the same servers is not ordinary. cPanel runs the majority of shared hosting in the world, and the Linux kernel runs all of it. A hosting provider that ignored both for a few days would have given attackers two complementary paths into the same boxes: the cPanel bug lands you on the host, and Copy Fail elevates you to root.<\/p>\n<p>The patching paths are also different in ways that matter. The cPanel patch is straightforward: update via cPanel&#8217;s normal update mechanism, restart cpsrvd, done. The kernel patch is harder if you do not have a livepatching system, because applying it the traditional way requires a reboot of every Linux server in your fleet. Most providers cannot do that quickly without disruption.<\/p>\n<h2>How we handled both<\/h2>\n<p>We patched both vulnerabilities across our entire fleet within hours of public disclosure.<\/p>\n<p>For the cPanel bypass, every cPanel server we operate was already running a patched build before the disclosure-driven scanning ramped up. We then ran indicator-of-compromise sweeps on all servers using both cPanel&#8217;s official scanner and a hardened community variant. The sweeps came back clean across every server we audited.<\/p>\n<p>For Copy Fail, we deployed KernelCare livepatches across our fleet. KernelCare lets us apply kernel security patches without rebooting, which means clients saw zero downtime for the kernel fix. Our shared hosting fleet was fully livepatched within hours of the patches being released. We extended the same livepatching to every active client VPS and dedicated server. The client servers that do not run KernelCare (older boxes that predate its deployment, plus a few Ubuntu and CentOS 7 servers) are being addressed via vendor kernel updates and scheduled reboots.<\/p>\n<p>If you are a CanSpace client, no action is required on your end. The fix is in place.<\/p>\n<h2>The point<\/h2>\n<p>Both of these vulnerabilities will be in security news cycles for weeks, and exploitation will continue against unpatched servers indefinitely. The lesson, for anyone running their own infrastructure rather than just for hosting customers, is the value of a vulnerability response process that does not depend on planned maintenance windows. Livepatching the kernel without rebooting, having an inventory of every server you need to update, knowing where your IOC scanner output goes, and being able to ship a fleet-wide patch in hours rather than weeks all matter when the attacker has a working exploit and a 48-hour head start.<\/p>\n<p>For everyone else: if your hosting provider has not told you anything about either of these, that is worth a question.<\/p>\n<hr \/>\n<p>Some readers will have noticed by now that this article is on a hosting provider&#8217;s blog. Full disclosure: we are CanSpace, a Canadian-incorporated company with all data centers in Canada and Canadian-staffed support. Both vulnerabilities described above were patched across our infrastructure within hours of disclosure, and we run the same response process on every CVE that touches our fleet.<\/p>\n<p>If you are evaluating hosting providers, our <a href=\"https:\/\/www.canspace.ca\/web-hosting.html\">hosting plans<\/a>, <a href=\"https:\/\/www.canspace.ca\/vps.html\">VPS<\/a>, and <a href=\"https:\/\/www.canspace.ca\/dedicated-servers.html\">dedicated server<\/a> pages cover the technical side, and our <a href=\"https:\/\/www.canspace.ca\/why-choose-a-canadian-web-hosting-provider.html\">why-Canadian explainer<\/a> covers the data sovereignty angle. Or <a href=\"https:\/\/www.canspace.ca\/contact.html\">contact us directly<\/a> if you have questions about how we handle vulnerability response.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The week of April 28 brought two unusually severe vulnerabilities in the same software stack that runs most of the web hosting industry. One is a critical authentication bypass in cPanel and WHM, the control panel running on roughly 1.5 million internet-facing servers. The other is a Linux kernel flaw, named &#8220;Copy Fail,&#8221; that gives [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":5637,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"client_name":"","client_title":"","client_company_name":"","client_url":"","client_quote":"","footnotes":""},"categories":[143],"tags":[],"class_list":["post-5632","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Two critical CVEs hit hosting infrastructure: cPanel auth bypass and Linux Copy Fail - CanSpace<\/title>\n<meta name=\"description\" content=\"A cPanel auth bypass and a Linux kernel flaw, both critical, hit hosting infrastructure within 24 hours of each other in late April. Here is what each does.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.canspace.ca\/blog\/security\/cpanel-auth-bypass-copy-fail-cve-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Two critical CVEs hit hosting infrastructure: cPanel auth bypass and Linux Copy Fail - CanSpace\" \/>\n<meta property=\"og:description\" content=\"A cPanel auth bypass and a Linux kernel flaw, both critical, hit hosting infrastructure within 24 hours of each other in late April. Here is what each does.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.canspace.ca\/blog\/security\/cpanel-auth-bypass-copy-fail-cve-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Canada&#039;s Leading Web Hosting and Domain Name Provider\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/canspace.ca\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-03T18:50:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.canspace.ca\/blog\/wp-content\/uploads\/2026\/05\/cpanel-cve-copy-fail-og.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"CanSpace Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.canspace.ca\/blog\/wp-content\/uploads\/2026\/05\/cpanel-cve-copy-fail-og.png\" \/>\n<meta name=\"twitter:creator\" content=\"@canspace_ca\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"CanSpace Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/security\\\/cpanel-auth-bypass-copy-fail-cve-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/security\\\/cpanel-auth-bypass-copy-fail-cve-2026\\\/\"},\"author\":{\"name\":\"CanSpace Team\",\"@id\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/#\\\/schema\\\/person\\\/6bf91c438b083753bbb7d2736141a6bb\"},\"headline\":\"Two critical CVEs hit hosting infrastructure: cPanel auth bypass and Linux Copy Fail\",\"datePublished\":\"2026-05-03T18:50:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/security\\\/cpanel-auth-bypass-copy-fail-cve-2026\\\/\"},\"wordCount\":1185,\"publisher\":{\"@id\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/security\\\/cpanel-auth-bypass-copy-fail-cve-2026\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/cpanel-cve-copy-fail-hero.png\",\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/security\\\/cpanel-auth-bypass-copy-fail-cve-2026\\\/\",\"url\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/security\\\/cpanel-auth-bypass-copy-fail-cve-2026\\\/\",\"name\":\"Two critical CVEs hit hosting infrastructure: cPanel auth bypass and Linux Copy Fail - CanSpace\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/security\\\/cpanel-auth-bypass-copy-fail-cve-2026\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/security\\\/cpanel-auth-bypass-copy-fail-cve-2026\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/cpanel-cve-copy-fail-hero.png\",\"datePublished\":\"2026-05-03T18:50:28+00:00\",\"description\":\"A cPanel auth bypass and a Linux kernel flaw, both critical, hit hosting infrastructure within 24 hours of each other in late April. Here is what each does.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/security\\\/cpanel-auth-bypass-copy-fail-cve-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/security\\\/cpanel-auth-bypass-copy-fail-cve-2026\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/security\\\/cpanel-auth-bypass-copy-fail-cve-2026\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/cpanel-cve-copy-fail-hero.png\",\"contentUrl\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/cpanel-cve-copy-fail-hero.png\",\"width\":1200,\"height\":630,\"caption\":\"CVE-2026-41940 cPanel auth bypass and CVE-2026-31431 Linux Copy Fail - editorial hero\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/security\\\/cpanel-auth-bypass-copy-fail-cve-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Two critical CVEs hit hosting infrastructure: cPanel auth bypass and Linux Copy Fail\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/\",\"name\":\"Canada&#039;s Leading Web Hosting and Domain Name Provider\",\"description\":\"Canada&#039;s Leading Domain Registrar and Web Hosting Provider\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/#organization\",\"name\":\"CanSpace Solutions\",\"url\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/11\\\/logolargesize.png\",\"contentUrl\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/11\\\/logolargesize.png\",\"width\":2200,\"height\":709,\"caption\":\"CanSpace Solutions\"},\"image\":{\"@id\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/#\\\/schema\\\/person\\\/6bf91c438b083753bbb7d2736141a6bb\",\"name\":\"CanSpace Team\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9b2bb643a6826d4384e5d0aaa9b5fd33aeec14a0d6a07b042f333625711d334f?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9b2bb643a6826d4384e5d0aaa9b5fd33aeec14a0d6a07b042f333625711d334f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9b2bb643a6826d4384e5d0aaa9b5fd33aeec14a0d6a07b042f333625711d334f?s=96&d=mm&r=g\",\"caption\":\"CanSpace Team\"},\"description\":\"CanSpace Solutions is Canada's leading domain name registrar and web hosting provider. Keep an eye on our blog for expert information on domain names, websites, and running a business online.\",\"sameAs\":[\"https:\\\/\\\/www.canspace.ca\",\"https:\\\/\\\/www.facebook.com\\\/canspace.ca\",\"https:\\\/\\\/x.com\\\/canspace_ca\"],\"url\":\"https:\\\/\\\/www.canspace.ca\\\/blog\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Two critical CVEs hit hosting infrastructure: cPanel auth bypass and Linux Copy Fail - CanSpace","description":"A cPanel auth bypass and a Linux kernel flaw, both critical, hit hosting infrastructure within 24 hours of each other in late April. Here is what each does.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.canspace.ca\/blog\/security\/cpanel-auth-bypass-copy-fail-cve-2026\/","og_locale":"en_US","og_type":"article","og_title":"Two critical CVEs hit hosting infrastructure: cPanel auth bypass and Linux Copy Fail - CanSpace","og_description":"A cPanel auth bypass and a Linux kernel flaw, both critical, hit hosting infrastructure within 24 hours of each other in late April. Here is what each does.","og_url":"https:\/\/www.canspace.ca\/blog\/security\/cpanel-auth-bypass-copy-fail-cve-2026\/","og_site_name":"Canada&#039;s Leading Web Hosting and Domain Name Provider","article_author":"https:\/\/www.facebook.com\/canspace.ca","article_published_time":"2026-05-03T18:50:28+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.canspace.ca\/blog\/wp-content\/uploads\/2026\/05\/cpanel-cve-copy-fail-og.png","type":"image\/png"}],"author":"CanSpace Team","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.canspace.ca\/blog\/wp-content\/uploads\/2026\/05\/cpanel-cve-copy-fail-og.png","twitter_creator":"@canspace_ca","twitter_misc":{"Written by":"CanSpace Team","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.canspace.ca\/blog\/security\/cpanel-auth-bypass-copy-fail-cve-2026\/#article","isPartOf":{"@id":"https:\/\/www.canspace.ca\/blog\/security\/cpanel-auth-bypass-copy-fail-cve-2026\/"},"author":{"name":"CanSpace Team","@id":"https:\/\/www.canspace.ca\/blog\/#\/schema\/person\/6bf91c438b083753bbb7d2736141a6bb"},"headline":"Two critical CVEs hit hosting infrastructure: cPanel auth bypass and Linux Copy Fail","datePublished":"2026-05-03T18:50:28+00:00","mainEntityOfPage":{"@id":"https:\/\/www.canspace.ca\/blog\/security\/cpanel-auth-bypass-copy-fail-cve-2026\/"},"wordCount":1185,"publisher":{"@id":"https:\/\/www.canspace.ca\/blog\/#organization"},"image":{"@id":"https:\/\/www.canspace.ca\/blog\/security\/cpanel-auth-bypass-copy-fail-cve-2026\/#primaryimage"},"thumbnailUrl":"https:\/\/www.canspace.ca\/blog\/wp-content\/uploads\/2026\/05\/cpanel-cve-copy-fail-hero.png","articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.canspace.ca\/blog\/security\/cpanel-auth-bypass-copy-fail-cve-2026\/","url":"https:\/\/www.canspace.ca\/blog\/security\/cpanel-auth-bypass-copy-fail-cve-2026\/","name":"Two critical CVEs hit hosting infrastructure: cPanel auth bypass and Linux Copy Fail - CanSpace","isPartOf":{"@id":"https:\/\/www.canspace.ca\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.canspace.ca\/blog\/security\/cpanel-auth-bypass-copy-fail-cve-2026\/#primaryimage"},"image":{"@id":"https:\/\/www.canspace.ca\/blog\/security\/cpanel-auth-bypass-copy-fail-cve-2026\/#primaryimage"},"thumbnailUrl":"https:\/\/www.canspace.ca\/blog\/wp-content\/uploads\/2026\/05\/cpanel-cve-copy-fail-hero.png","datePublished":"2026-05-03T18:50:28+00:00","description":"A cPanel auth bypass and a Linux kernel flaw, both critical, hit hosting infrastructure within 24 hours of each other in late April. Here is what each does.","breadcrumb":{"@id":"https:\/\/www.canspace.ca\/blog\/security\/cpanel-auth-bypass-copy-fail-cve-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.canspace.ca\/blog\/security\/cpanel-auth-bypass-copy-fail-cve-2026\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.canspace.ca\/blog\/security\/cpanel-auth-bypass-copy-fail-cve-2026\/#primaryimage","url":"https:\/\/www.canspace.ca\/blog\/wp-content\/uploads\/2026\/05\/cpanel-cve-copy-fail-hero.png","contentUrl":"https:\/\/www.canspace.ca\/blog\/wp-content\/uploads\/2026\/05\/cpanel-cve-copy-fail-hero.png","width":1200,"height":630,"caption":"CVE-2026-41940 cPanel auth bypass and CVE-2026-31431 Linux Copy Fail - editorial hero"},{"@type":"BreadcrumbList","@id":"https:\/\/www.canspace.ca\/blog\/security\/cpanel-auth-bypass-copy-fail-cve-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.canspace.ca\/blog\/"},{"@type":"ListItem","position":2,"name":"Two critical CVEs hit hosting infrastructure: cPanel auth bypass and Linux Copy Fail"}]},{"@type":"WebSite","@id":"https:\/\/www.canspace.ca\/blog\/#website","url":"https:\/\/www.canspace.ca\/blog\/","name":"Canada&#039;s Leading Web Hosting and Domain Name Provider","description":"Canada&#039;s Leading Domain Registrar and Web Hosting Provider","publisher":{"@id":"https:\/\/www.canspace.ca\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.canspace.ca\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.canspace.ca\/blog\/#organization","name":"CanSpace Solutions","url":"https:\/\/www.canspace.ca\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.canspace.ca\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.canspace.ca\/blog\/wp-content\/uploads\/2016\/11\/logolargesize.png","contentUrl":"https:\/\/www.canspace.ca\/blog\/wp-content\/uploads\/2016\/11\/logolargesize.png","width":2200,"height":709,"caption":"CanSpace Solutions"},"image":{"@id":"https:\/\/www.canspace.ca\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.canspace.ca\/blog\/#\/schema\/person\/6bf91c438b083753bbb7d2736141a6bb","name":"CanSpace Team","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/9b2bb643a6826d4384e5d0aaa9b5fd33aeec14a0d6a07b042f333625711d334f?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/9b2bb643a6826d4384e5d0aaa9b5fd33aeec14a0d6a07b042f333625711d334f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9b2bb643a6826d4384e5d0aaa9b5fd33aeec14a0d6a07b042f333625711d334f?s=96&d=mm&r=g","caption":"CanSpace Team"},"description":"CanSpace Solutions is Canada's leading domain name registrar and web hosting provider. Keep an eye on our blog for expert information on domain names, websites, and running a business online.","sameAs":["https:\/\/www.canspace.ca","https:\/\/www.facebook.com\/canspace.ca","https:\/\/x.com\/canspace_ca"],"url":"https:\/\/www.canspace.ca\/blog\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.canspace.ca\/blog\/wp-json\/wp\/v2\/posts\/5632","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.canspace.ca\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.canspace.ca\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.canspace.ca\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.canspace.ca\/blog\/wp-json\/wp\/v2\/comments?post=5632"}],"version-history":[{"count":2,"href":"https:\/\/www.canspace.ca\/blog\/wp-json\/wp\/v2\/posts\/5632\/revisions"}],"predecessor-version":[{"id":5634,"href":"https:\/\/www.canspace.ca\/blog\/wp-json\/wp\/v2\/posts\/5632\/revisions\/5634"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.canspace.ca\/blog\/wp-json\/wp\/v2\/media\/5637"}],"wp:attachment":[{"href":"https:\/\/www.canspace.ca\/blog\/wp-json\/wp\/v2\/media?parent=5632"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.canspace.ca\/blog\/wp-json\/wp\/v2\/categories?post=5632"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.canspace.ca\/blog\/wp-json\/wp\/v2\/tags?post=5632"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}