There must be so many (small) shared hosting companies that don't update their software, those poor customers.

A full breakdown of the vulnerability: https://labs.watchtowr.com/the-internet-is-falling-down-fall...

With this (CVE-2026-41940) and copy.fail (CVE-2026-3143), it must be an exciting time in the shared hosting business right now… Glad I've been out of it for a long time.

Luckily my site uses Plesk after moving away from cPanel years ago.

I have to wonder if this issue is due to never reviewing auto-test scripts ?

I know where I worked, testing is now an afterthought and half the time testing means no issues compiling and deploying :)

We had a separate testing group and they caught lots of issues. But due to Agile, they were all fired years ago.

Which are the safest control panels^ ? Been thinking about Hostineer which developed and dogfooded ApisCP over 20 years.

[^] a product made for commercial operators stuffing thousands of PHP sites into a server, so no Coolify, Google Cloud Run.