A critical cPanel vulnerability lets attackers bypass login and gain root access, with active exploitation reported before patches were released.