{"id":6316,"date":"2026-05-04T10:21:46","date_gmt":"2026-05-04T08:21:46","guid":{"rendered":"https:\/\/tech.kouzay.com\/?p=6316"},"modified":"2026-05-04T10:26:22","modified_gmt":"2026-05-04T08:26:22","slug":"faille-cpanel-15-million-de-serveurs-exposes-depuis-fevrier","status":"publish","type":"post","link":"https:\/\/tech.kouzay.com\/index.php\/2026\/05\/04\/faille-cpanel-15-million-de-serveurs-exposes-depuis-fevrier\/","title":{"rendered":"Faille cPanel : 1,5 million de serveurs expos\u00e9s depuis f\u00e9vrier"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\r\n\r\n\r\n \r\n \r\n Faille cPanel : 1,5 million de serveurs expos\u00e9s, OVHcloud, o2switch, LWS touch\u00e9s \u00b7 tech.kouzay.com<\/title>\r\n \r\n <!-- META SEO -->\r\n <meta name=\"description\" content=\"Une faille critique dans cPanel (CVE-2026-41940, note 9,8\/10) expose plus d'1,5 million de serveurs depuis f\u00e9vrier. OVHcloud, o2switch, LWS et PlanetHoster touch\u00e9s. D\u00e9couvrez comment v\u00e9rifier votre site et vous prot\u00e9ger.\">\r\n <meta name=\"keywords\" content=\"cPanel faille, CVE-2026-41940, OVHcloud faille, o2switch, LWS, h\u00e9bergement web, cybers\u00e9curit\u00e9, contournement authentification, serveur expos\u00e9, WebPros\">\r\n \r\n <link rel=\"preconnect\" href=\"https:\/\/fonts.googleapis.com\">\r\n <link rel=\"preconnect\" href=\"https:\/\/fonts.gstatic.com\" crossorigin>\r\n <link href=\"https:\/\/fonts.googleapis.com\/css2?family=Inter:opsz,wght@14..32,400;14..32,500;14..32,600;14..32,700&display=swap\" rel=\"stylesheet\">\r\n <link rel=\"stylesheet\" href=\"https:\/\/cdnjs.cloudflare.com\/ajax\/libs\/font-awesome\/6.0.0-beta3\/css\/all.min.css\">\r\n \r\n <style>\r\n * {\r\n margin: 0;\r\n padding: 0;\r\n box-sizing: border-box;\r\n }\r\n body {\r\n font-family: 'Inter', sans-serif;\r\n background: #f5f7fc;\r\n color: #1a2c3e;\r\n line-height: 1.5;\r\n }\r\n .container {\r\n max-width: 1000px;\r\n margin: 0 auto;\r\n padding: 2rem 1.5rem;\r\n }\r\n h1 {\r\n font-size: 2rem;\r\n font-weight: 700;\r\n background: linear-gradient(135deg, #dc2626, #991b1b);\r\n -webkit-background-clip: text;\r\n -webkit-text-fill-color: transparent;\r\n background-clip: text;\r\n margin-bottom: 0.5rem;\r\n line-height: 1.2;\r\n }\r\n h2 {\r\n font-size: 1.5rem;\r\n font-weight: 600;\r\n color: #dc2626;\r\n margin: 1.8rem 0 1rem 0;\r\n display: flex;\r\n align-items: center;\r\n gap: 0.6rem;\r\n border-left: 4px solid #dc2626;\r\n padding-left: 1rem;\r\n }\r\n h3 {\r\n font-size: 1.1rem;\r\n font-weight: 600;\r\n color: #2c3e66;\r\n margin: 0.8rem 0 0.3rem;\r\n }\r\n .meta {\r\n display: flex;\r\n gap: 1rem;\r\n color: #5b6e8c;\r\n font-size: 0.85rem;\r\n margin: 0.5rem 0 1rem;\r\n flex-wrap: wrap;\r\n }\r\n .badge {\r\n background: #fee2e2;\r\n padding: 0.2rem 0.8rem;\r\n border-radius: 30px;\r\n font-size: 0.75rem;\r\n font-weight: 600;\r\n color: #dc2626;\r\n display: inline-block;\r\n }\r\n .badge-green {\r\n background: #e6f4ea;\r\n color: #137333;\r\n }\r\n .badge-blue {\r\n background: #e0f2fe;\r\n color: #1a5f7a;\r\n }\r\n .intro {\r\n background: white;\r\n border-radius: 24px;\r\n padding: 1.5rem;\r\n margin-bottom: 2rem;\r\n box-shadow: 0 2px 8px rgba(0,0,0,0.03);\r\n border: 1px solid #e9edf2;\r\n }\r\n .intro p {\r\n font-size: 1rem;\r\n color: #2c3e66;\r\n }\r\n .highlight {\r\n background: #dc2626;\r\n color: white;\r\n padding: 0.1rem 0.3rem;\r\n border-radius: 8px;\r\n font-weight: 600;\r\n }\r\n .simple-box {\r\n background: #fee2e2;\r\n border-radius: 20px;\r\n padding: 1.2rem;\r\n margin: 1rem 0;\r\n border-left: 4px solid #dc2626;\r\n }\r\n .simple-box.warning {\r\n background: #fffbeb;\r\n border-left-color: #f59e0b;\r\n }\r\n .simple-box.success {\r\n background: #ecfdf5;\r\n border-left-color: #10b981;\r\n }\r\n .simple-box.info {\r\n background: #e0f2fe;\r\n border-left-color: #1a5f7a;\r\n }\r\n .feature-list {\r\n display: flex;\r\n flex-direction: column;\r\n gap: 1rem;\r\n margin: 1rem 0;\r\n }\r\n .feature-item {\r\n background: white;\r\n border-radius: 20px;\r\n padding: 1rem 1.2rem;\r\n border: 1px solid #eef2f8;\r\n display: flex;\r\n gap: 1rem;\r\n align-items: flex-start;\r\n }\r\n .feature-icon {\r\n font-size: 1.6rem;\r\n min-width: 45px;\r\n text-align: center;\r\n color: #dc2626;\r\n }\r\n .feature-text p {\r\n color: #3a4c66;\r\n font-size: 0.9rem;\r\n }\r\n .stats-grid {\r\n display: grid;\r\n grid-template-columns: repeat(4, 1fr);\r\n gap: 1rem;\r\n margin: 1.5rem 0;\r\n }\r\n @media (max-width: 700px) {\r\n .stats-grid {\r\n grid-template-columns: repeat(2, 1fr);\r\n }\r\n }\r\n .stat-card {\r\n background: white;\r\n padding: 1rem;\r\n border-radius: 20px;\r\n text-align: center;\r\n box-shadow: 0 2px 8px rgba(0,0,0,0.05);\r\n }\r\n .stat-number {\r\n font-size: 1.6rem;\r\n font-weight: 700;\r\n color: #dc2626;\r\n }\r\n .timeline {\r\n display: flex;\r\n justify-content: space-between;\r\n margin: 1rem 0;\r\n flex-wrap: wrap;\r\n gap: 0.5rem;\r\n }\r\n .timeline-step {\r\n background: #eef2f8;\r\n padding: 0.5rem 1rem;\r\n border-radius: 40px;\r\n font-size: 0.75rem;\r\n font-weight: 500;\r\n }\r\n .timeline-step.active {\r\n background: #dc2626;\r\n color: white;\r\n }\r\n .hosters-grid {\r\n display: grid;\r\n grid-template-columns: repeat(3, 1fr);\r\n gap: 1rem;\r\n margin: 1rem 0;\r\n }\r\n @media (max-width: 600px) {\r\n .hosters-grid {\r\n grid-template-columns: 1fr;\r\n }\r\n }\r\n .hoster-card {\r\n background: white;\r\n padding: 1rem;\r\n border-radius: 16px;\r\n text-align: center;\r\n border-top: 3px solid #dc2626;\r\n }\r\n .keywords {\r\n display: flex;\r\n flex-wrap: wrap;\r\n gap: 0.5rem;\r\n margin: 2rem 0 1rem;\r\n }\r\n .keywords span {\r\n background: #eef2f8;\r\n padding: 0.2rem 1rem;\r\n border-radius: 30px;\r\n font-size: 0.75rem;\r\n color: #2c4c6c;\r\n }\r\n footer {\r\n border-top: 1px solid #e2e8f0;\r\n margin-top: 2rem;\r\n padding-top: 1.5rem;\r\n font-size: 0.8rem;\r\n color: #5f6f84;\r\n text-align: center;\r\n }\r\n @media (max-width: 600px) {\r\n .feature-item {\r\n flex-direction: column;\r\n align-items: center;\r\n text-align: center;\r\n }\r\n }\r\n <\/style>\r\n<\/head>\r\n<body>\r\n<div class=\"container\">\r\n <!-- En-t\u00eate -->\r\n <h1>Faille cPanel : 1,5 million de serveurs expos\u00e9s depuis f\u00e9vrier<\/h1>\r\n <div class=\"meta\">\r\n <span><i class=\"far fa-calendar-alt\"><\/i> Mai 2026 \u00b7 Alerte cybers\u00e9curit\u00e9<\/span>\r\n <span><i class=\"fas fa-server\"><\/i> tech.kouzay.com \u00b7 H\u00e9bergement<\/span>\r\n <span class=\"badge\"><i class=\"fas fa-exclamation-triangle\"><\/i> CVE-2026-41940<\/span>\r\n <span class=\"badge-green\"><i class=\"fas fa-shield-alt\"><\/i> Note CVSS 9,8\/10<\/span>\r\n <\/div>\r\n \r\n <!-- Intro -->\r\n <div class=\"intro\">\r\n <p><strong>Pour les millions de propri\u00e9taires de sites web qui n'ont jamais entendu parler de cPanel, c'est pourtant l'outil qui fait tourner la boutique en coulisses.<\/strong> Ce panneau de contr\u00f4le permet d'administrer sites, bases de donn\u00e9es et comptes e-mail depuis une interface graphique. La quasi-totalit\u00e9 des h\u00e9bergeurs mutualis\u00e9s l'utilisent, et il \u00e9quipe <strong>environ 70 millions de domaines dans le monde<\/strong>. Le 28 avril, l'\u00e9diteur WebPros a publi\u00e9 un correctif en urgence pour une <strong>vuln\u00e9rabilit\u00e9 d'une gravit\u00e9 exceptionnelle, not\u00e9e 9,8 sur 10<\/strong> sur l'\u00e9chelle CVSS. Et les h\u00e9bergeurs fran\u00e7ais n'ont pas \u00e9t\u00e9 \u00e9pargn\u00e9s.<\/p>\r\n <\/div>\r\n \r\n <!-- Chronologie -->\r\n <div class=\"timeline\">\r\n <span class=\"timeline-step\">23 f\u00e9vrier \u00b7 Premi\u00e8res traces d'exploitation<\/span>\r\n <span class=\"timeline-step active\">28 avril \u00b7 Correctif publi\u00e9<\/span>\r\n <span class=\"timeline-step\">29 avril \u00b7 o2switch r\u00e9agit<\/span>\r\n <span class=\"timeline-step\">2 mai \u00b7 650 000 instances encore expos\u00e9es<\/span>\r\n <\/div>\r\n \r\n <!-- 1. Ce qu'il faut savoir sur la faille -->\r\n <h2><i class=\"fas fa-bug\"><\/i> 1. CVE-2026-41940 : une faille critique<\/h2>\r\n \r\n <div class=\"stats-grid\">\r\n <div class=\"stat-card\">\r\n <div class=\"stat-number\">9,8\/10<\/div>\r\n <div class=\"stat-label\">Gravit\u00e9 CVSS<\/div>\r\n <\/div>\r\n <div class=\"stat-card\">\r\n <div class=\"stat-number\">70M<\/div>\r\n <div class=\"stat-label\">domaines concern\u00e9s<\/div>\r\n <\/div>\r\n <div class=\"stat-card\">\r\n <div class=\"stat-number\">650k<\/div>\r\n <div class=\"stat-label\">instances expos\u00e9es (2 mai)<\/div>\r\n <\/div>\r\n <div class=\"stat-card\">\r\n <div class=\"stat-number\">44k<\/div>\r\n <div class=\"stat-label\">IPs attaquantes<\/div>\r\n <\/div>\r\n <\/div>\r\n \r\n <div class=\"feature-list\">\r\n <div class=\"feature-item\">\r\n <div class=\"feature-icon\"><i class=\"fas fa-key\"><\/i><\/div>\r\n <div class=\"feature-text\">\r\n <h3>Un contournement d'authentification total<\/h3>\r\n <p>La faille <strong>CVE-2026-41940<\/strong> permet \u00e0 un attaquant de <strong>prendre le contr\u00f4le total d'un serveur sans disposer du moindre identifiant<\/strong>. Le m\u00e9canisme repose sur une <strong>injection de caract\u00e8res sp\u00e9ciaux (CRLF)<\/strong> dans l'en-t\u00eate d'authentification HTTP. En simplifiant, c'est comme si un cambrioleur pouvait r\u00e9\u00e9crire la serrure d'un immeuble en glissant un mot sous la porte, et se retrouver avec le trousseau du gardien.<\/p>\r\n <\/div>\r\n <\/div>\r\n <div class=\"feature-item\">\r\n <div class=\"feature-icon\"><i class=\"fas fa-tachometer-alt\"><\/i><\/div>\r\n <div class=\"feature-text\">\r\n <h3>Quatre requ\u00eates HTTP suffisent<\/h3>\r\n <p><strong>watchTowr Labs<\/strong>, la firme de s\u00e9curit\u00e9 qui a publi\u00e9 l'analyse technique et le code d'exploitation, r\u00e9sume la situation sans d\u00e9tour : un <strong>contournement d'authentification total<\/strong> sur le panneau de contr\u00f4le le plus r\u00e9pandu au monde. En quatre requ\u00eates HTTP, un attaquant peut devenir administrateur root.<\/p>\r\n <\/div>\r\n <\/div>\r\n <div class=\"feature-item\">\r\n <div class=\"feature-icon\"><i class=\"fas fa-history\"><\/i><\/div>\r\n <div class=\"feature-text\">\r\n <h3>Exploit\u00e9e depuis plus de deux mois<\/h3>\r\n <p>Les <strong>premi\u00e8res traces d'exploitation remontent au 23 f\u00e9vrier 2026<\/strong>, soit deux mois avant la publication du correctif. Pendant cette fen\u00eatre, les attaquants disposaient d'un acc\u00e8s libre \u00e0 <strong>toutes les versions de cPanel post\u00e9rieures \u00e0 la 11.40<\/strong>, c'est-\u00e0-dire la totalit\u00e9 du parc install\u00e9.<\/p>\r\n <\/div>\r\n <\/div>\r\n <\/div>\r\n \r\n <div class=\"simple-box\">\r\n <p><strong>\ud83d\udd0d Comment \u00e7a marche ?<\/strong> L'attaquant envoie une tentative de connexion volontairement rat\u00e9e pour cr\u00e9er un fichier de session sur le serveur. Il y injecte des lignes frauduleuses (\u00ab user=root \u00bb, \u00ab tfa_verified=1 \u00bb) via l'en-t\u00eate HTTP. Le syst\u00e8me relit ces lignes comme l\u00e9gitimes et accorde un acc\u00e8s administrateur complet, <strong>mot de passe et double authentification contourn\u00e9s<\/strong>.<\/p>\r\n <\/div>\r\n \r\n <!-- 2. Les h\u00e9bergeurs fran\u00e7ais touch\u00e9s -->\r\n <h2><i class=\"fas fa-building\"><\/i> 2. Les h\u00e9bergeurs fran\u00e7ais pris de court<\/h2>\r\n \r\n <div class=\"hosters-grid\">\r\n <div class=\"hoster-card\">\r\n <i class=\"fas fa-check-circle\" style=\"color:#dc2626; font-size: 1.5rem;\"><\/i>\r\n <h3>o2switch<\/h3>\r\n <p><strong>R\u00e9action imm\u00e9diate<\/strong><br>Coupe pr\u00e9ventive de cPanel dans la nuit du 28 avril<\/p>\r\n <\/div>\r\n <div class=\"hoster-card\">\r\n <i class=\"fas fa-check-circle\" style=\"color:#dc2626; font-size: 1.5rem;\"><\/i>\r\n <h3>OVHcloud<\/h3>\r\n <p><strong>Impact confirm\u00e9<\/strong><br>Image cPanel non patch\u00e9e au moment de la divulgation<\/p>\r\n <\/div>\r\n <div class=\"hoster-card\">\r\n <i class=\"fas fa-check-circle\" style=\"color:#dc2626; font-size: 1.5rem;\"><\/i>\r\n <h3>LWS \/ PlanetHoster<\/h3>\r\n <p><strong>Exposition document\u00e9e<\/strong><br>Plans cPanel concern\u00e9s<\/p>\r\n <\/div>\r\n <\/div>\r\n \r\n <div class=\"feature-list\">\r\n <div class=\"feature-item\">\r\n <div class=\"feature-icon\"><i class=\"fas fa-bolt\"><\/i><\/div>\r\n <div class=\"feature-text\">\r\n <h3>o2switch : la r\u00e9action radicale<\/h3>\r\n <p>L'h\u00e9bergeur clermontois <strong>o2switch<\/strong>, dont l'offre unique repose int\u00e9gralement sur cPanel, a r\u00e9agi <strong>avant m\u00eame la publication officielle de l'avis de s\u00e9curit\u00e9<\/strong>. Dans la nuit du 28 avril, ses \u00e9quipes ont <strong>coup\u00e9 pr\u00e9ventivement l'acc\u00e8s \u00e0 cPanel sur l'ensemble de leur parc de serveurs<\/strong> pour \u00e9viter toute compromission. Une mesure radicale qui a temporairement priv\u00e9 leurs clients de l'interface d'administration, mais qui leur a probablement <strong>\u00e9vit\u00e9 le pire<\/strong>.<\/p>\r\n <\/div>\r\n <\/div>\r\n <div class=\"feature-item\">\r\n <div class=\"feature-icon\"><i class=\"fab fa-ovh\"><\/i><\/div>\r\n <div class=\"feature-text\">\r\n <h3>OVHcloud : impact confirm\u00e9<\/h3>\r\n <p>Premier h\u00e9bergeur europ\u00e9en, <strong>OVHcloud<\/strong> a confirm\u00e9 l'impact sur sa page de statut. L'image cPanel fournie par d\u00e9faut sur ses offres mutualis\u00e9es <strong>n'\u00e9tait pas encore patch\u00e9e<\/strong> au moment de la divulgation.<\/p>\r\n <\/div>\r\n <\/div>\r\n <div class=\"feature-item\">\r\n <div class=\"feature-icon\"><i class=\"fas fa-globe\"><\/i><\/div>\r\n <div class=\"feature-text\">\r\n <h3>LWS, PlanetHoster, et les autres<\/h3>\r\n <p>Du c\u00f4t\u00e9 de <strong>LWS<\/strong> et <strong>PlanetHoster<\/strong>, qui proposent des plans cPanel, l'exposition est \u00e9galement document\u00e9e. En revanche, <strong>Infomaniak<\/strong> (qui utilise son propre panneau de gestion) et <strong>Ikoula<\/strong> (sur Plesk) <strong>ne sont pas concern\u00e9s<\/strong>.<\/p>\r\n <\/div>\r\n <\/div>\r\n <\/div>\r\n \r\n <!-- 3. La r\u00e9action des autorit\u00e9s -->\r\n <h2><i class=\"fas fa-gavel\"><\/i> 3. La r\u00e9ponse des autorit\u00e9s<\/h2>\r\n \r\n <div class=\"simple-box warning\">\r\n <p><strong>\u26a0\ufe0f Un d\u00e9tail qui interpelle :<\/strong><\/p>\r\n <ul style=\"margin-top: 0.5rem; margin-left: 1.2rem;\">\r\n <li>Le <strong>Centre canadien pour la cybers\u00e9curit\u00e9<\/strong> a publi\u00e9 son avis d\u00e8s le <strong>29 avril<\/strong><\/li>\r\n <li>La <strong>Belgique (CCB)<\/strong> a suivi dans la foul\u00e9e<\/li>\r\n <li>C\u00f4t\u00e9 fran\u00e7ais, le <strong>CERT-FR n'avait toujours pas \u00e9mis d'avis sp\u00e9cifique au 3 mai<\/strong>, malgr\u00e9 le nombre d'h\u00e9bergeurs hexagonaux touch\u00e9s et les obligations de la directive <strong>NIS2<\/strong> (transpos\u00e9e en droit fran\u00e7ais depuis avril 2025)<\/li>\r\n <\/ul>\r\n <\/div>\r\n \r\n <!-- 4. Les chiffres globaux -->\r\n <h2><i class=\"fas fa-chart-bar\"><\/i> 4. L'ampleur de la menace en chiffres<\/h2>\r\n \r\n <div class=\"simple-box info\">\r\n <p><strong>\ud83d\udcca Selon Shadowserver :<\/strong><\/p>\r\n <ul style=\"margin-top: 0.5rem; margin-left: 1.2rem;\">\r\n <li><strong>Environ 44 000 adresses IP<\/strong> lan\u00e7ant des attaques ou des scans<\/li>\r\n <li><strong>Environ 650 000 instances cPanel\/WHM<\/strong> restaient expos\u00e9es sur Internet au <strong>2 mai<\/strong><\/li>\r\n <li>Soit <strong>plus d'1,5 million de serveurs potentiellement vuln\u00e9rables<\/strong> dans le monde<\/li>\r\n <\/ul>\r\n <\/div>\r\n \r\n <!-- 5. Que faire si vous \u00eates client -->\r\n <h2><i class=\"fas fa-tasks\"><\/i> 5. Que faire si vous \u00eates h\u00e9berg\u00e9 sur un serveur cPanel ?<\/h2>\r\n \r\n <div class=\"feature-list\">\r\n <div class=\"feature-item\">\r\n <div class=\"feature-icon\"><i class=\"fas fa-check-circle\"><\/i><\/div>\r\n <div class=\"feature-text\">\r\n <h3>1. V\u00e9rifiez aupr\u00e8s de votre h\u00e9bergeur<\/h3>\r\n <p>Contactez le support ou consultez la page de statut de votre h\u00e9bergeur pour savoir si <strong>le correctif a \u00e9t\u00e9 appliqu\u00e9<\/strong> sur vos serveurs.<\/p>\r\n <\/div>\r\n <\/div>\r\n <div class=\"feature-item\">\r\n <div class=\"feature-icon\"><i class=\"fas fa-key\"><\/i><\/div>\r\n <div class=\"feature-text\">\r\n <h3>2. Changez vos mots de passe<\/h3>\r\n <p>Modifiez imm\u00e9diatement les mots de passe de vos comptes <strong>WHM (Web Host Manager)<\/strong> et <strong>cPanel<\/strong>. Utilisez des mots de passe forts et uniques.<\/p>\r\n <\/div>\r\n <\/div>\r\n <div class=\"feature-item\">\r\n <div class=\"feature-icon\"><i class=\"fas fa-search\"><\/i><\/div>\r\n <div class=\"feature-text\">\r\n <h3>3. Inspectez vos comptes<\/h3>\r\n <p>V\u00e9rifiez les <strong>comptes cPanel<\/strong> pour rep\u00e9rer d'\u00e9ventuels <strong>ajouts non autoris\u00e9s<\/strong> (utilisateurs inconnus, bases de donn\u00e9es suspectes, redirections).<\/p>\r\n <\/div>\r\n <\/div>\r\n <div class=\"feature-item\">\r\n <div class=\"feature-icon\"><i class=\"fas fa-database\"><\/i><\/div>\r\n <div class=\"feature-text\">\r\n <h3>4. Sauvegardez et surveillez<\/h3>\r\n <p>Effectuez des <strong>sauvegardes compl\u00e8tes<\/strong> de vos sites et bases de donn\u00e9es. Activez une <strong>surveillance renforc\u00e9e<\/strong> des logs d'acc\u00e8s et des modifications de fichiers.<\/p>\r\n <\/div>\r\n <\/div>\r\n <div class=\"feature-item\">\r\n <div class=\"feature-icon\"><i class=\"fas fa-code-branch\"><\/i><\/div>\r\n <div class=\"feature-text\">\r\n <h3>5. Envisagez un audit de s\u00e9curit\u00e9<\/h3>\r\n <p>Si votre site contient des donn\u00e9es sensibles (e-commerce, donn\u00e9es personnelles, sant\u00e9, etc.), faites r\u00e9aliser un <strong>audit de s\u00e9curit\u00e9 post-compromission<\/strong> par un expert.<\/p>\r\n <\/div>\r\n <\/div>\r\n <\/div>\r\n \r\n <div class=\"simple-box success\">\r\n <p><strong>\u2705 Les bonnes pratiques \u00e0 adopter :<\/strong><\/p>\r\n <ul style=\"margin-top: 0.5rem; margin-left: 1.2rem;\">\r\n <li><strong>Activez la double authentification (2FA)<\/strong> sur votre compte cPanel si votre h\u00e9bergeur le permet<\/li>\r\n <li><strong>Limitez les acc\u00e8s WHM aux seules IPs autoris\u00e9es<\/strong> (filtrage IP)<\/li>\r\n <li><strong>Surveillez les logs d'authentification<\/strong> pour d\u00e9tecter des tentatives suspectes<\/li>\r\n <li><strong>Tenez-vous inform\u00e9<\/strong> des avis de s\u00e9curit\u00e9 de votre h\u00e9bergeur et du CERT-FR<\/li>\r\n <\/ul>\r\n <\/div>\r\n \r\n <!-- 6. En r\u00e9sum\u00e9 -->\r\n <h2><i class=\"fas fa-check-circle\"><\/i> 6. Ce qu'il faut retenir<\/h2>\r\n <div class=\"simple-box\">\r\n <p><strong>\u2705 Les points cl\u00e9s :<\/strong><\/p>\r\n <ul style=\"margin-top: 0.5rem; margin-left: 1.2rem;\">\r\n <li>Une <strong>faille critique (CVE-2026-41940)<\/strong> permet un <strong>contournement total de l'authentification<\/strong> sur cPanel, le panneau de contr\u00f4le utilis\u00e9 par 70 millions de domaines<\/li>\r\n <li>La note CVSS est de <strong>9,8\/10<\/strong> \u2192 extr\u00eamement grave<\/li>\r\n <li><strong>Exploit\u00e9e depuis le 23 f\u00e9vrier 2026<\/strong>, soit deux mois avant la publication du correctif<\/li>\r\n <li><strong>OVHcloud, o2switch, LWS et PlanetHoster<\/strong> sont touch\u00e9s en France<\/li>\r\n <li><strong>44 000 IPs attaquantes<\/strong> et <strong>650 000 instances encore expos\u00e9es<\/strong> au 2 mai<\/li>\r\n <li><strong>Actions imm\u00e9diates :<\/strong> contacter son h\u00e9bergeur, changer ses mots de passe, inspecter ses comptes, sauvegarder<\/li>\r\n <\/ul>\r\n <\/div>\r\n \r\n <!-- Mots-cl\u00e9s -->\r\n <div class=\"keywords\">\r\n <span>cPanel faille<\/span>\r\n <span>CVE-2026-41940<\/span>\r\n <span>OVHcloud faille<\/span>\r\n <span>o2switch<\/span>\r\n <span>LWS h\u00e9bergement<\/span>\r\n <span>PlanetHoster<\/span>\r\n <span>contournement authentification<\/span>\r\n <span>serveur expos\u00e9<\/span>\r\n <span>WebPros<\/span>\r\n <span>cybers\u00e9curit\u00e9 h\u00e9bergement<\/span>\r\n <span>shadowserver<\/span>\r\n <span>NIS2<\/span>\r\n <\/div>\r\n \r\n <footer>\r\n tech.kouzay.com \u00b7 Cybers\u00e9curit\u00e9 \u00b7 Mai 2026 \u00b7 Sources : WebPros, watchTowr Labs, Shadowserver, CERT-FR\r\n <\/footer>\r\n<\/div>\r\n<\/body>\r\n<\/html>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Une faille critique dans cPanel (CVE-2026-41940, note 9,8\/10) expose plus d’1,5 million de serveurs. OVHcloud, o2switch, LWS touch\u00e9s. Comment v\u00e9rifier votre site.<\/p>\n","protected":false},"author":2,"featured_media":6321,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_wp_convertkit_post_meta":{"form":"-1","landing_page":"0","tag":"0","restrict_content":"0"},"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[200,189,190,192,194,195,204,272,208,210,211,213,214,221,229,230],"tags":[],"class_list":["post-6316","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud-hebergement","category-accueil","category-actualites","category-actualites-gaming","category-blog-guides","category-bourses-detudes","category-consommateurs-high-tech","category-cybersecurite","category-cybersecurite-vpn","category-dossier","category-education","category-entrepreneurs-tech","category-etudiants-parents","category-high-tech-saas","category-logiciels-saas-b2b-b2c","category-materiel-high-tech"],"jetpack_featured_media_url":"https:\/\/tech.kouzay.com\/wp-content\/uploads\/2026\/05\/cpanel-kouzay.webp","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/tech.kouzay.com\/index.php\/wp-json\/wp\/v2\/posts\/6316","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tech.kouzay.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tech.kouzay.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tech.kouzay.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/tech.kouzay.com\/index.php\/wp-json\/wp\/v2\/comments?post=6316"}],"version-history":[{"count":7,"href":"https:\/\/tech.kouzay.com\/index.php\/wp-json\/wp\/v2\/posts\/6316\/revisions"}],"predecessor-version":[{"id":6324,"href":"https:\/\/tech.kouzay.com\/index.php\/wp-json\/wp\/v2\/posts\/6316\/revisions\/6324"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tech.kouzay.com\/index.php\/wp-json\/wp\/v2\/media\/6321"}],"wp:attachment":[{"href":"https:\/\/tech.kouzay.com\/index.php\/wp-json\/wp\/v2\/media?parent=6316"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tech.kouzay.com\/index.php\/wp-json\/wp\/v2\/categories?post=6316"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tech.kouzay.com\/index.php\/wp-json\/wp\/v2\/tags?post=6316"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}