On 28 April 2026, cPanel released an urgent security update for all currently supported versions of cPanel & WHM, addressing a vulnerability related to authentication pathways within the control panel software.
What was the issue?
cPanel identified a security issue affecting all supported versions of cPanel & WHM, specifically linked to certain authentication paths within the software. Due to the elevated access control panels provide, this type of issue is treated as critical.
Which versions were affected?
The vulnerability impacts all supported versions, with patched builds released across multiple branches including 11.110, 11.118, 11.126, 11.132, 11.134, and 11.136.
Was customer data affected?
There is no evidence of data compromise. This was a preventative security update, not a breach notification.
cPanel Servers
We are currently seeing a small number of servers where access remains restricted following the recent cPanel vulnerability.
In these cases, we do not yet have the level of access required to complete remediation directly. Our current recommendation is to restore the affected server(s) from the last known good backup taken before 30 April 2026, where available. This approach provides the quickest and safest path to full recovery.
Our support teams are, of course, on hand to assist customers wherever possible, including advising on restore options and next steps.
Please be aware that response times may be slightly longer than usual as we continue to work through a high volume of related tickets. We appreciate your patience and understanding while we progress through the queue.
Further updates will be provided as the situation develops.
cPanel
On 28 April 2026, cPanel released an urgent security update for all currently supported versions of cPanel & WHM, addressing a vulnerability related to authentication pathways within the control panel software.
What was the issue?
cPanel identified a security issue affecting all supported versions of cPanel & WHM, specifically linked to certain authentication paths within the software. Due to the elevated access control panels provide, this type of issue is treated as critical.
Which versions were affected?
The vulnerability impacts all supported versions, with patched builds released across multiple branches including 11.110, 11.118, 11.126, 11.132, 11.134, and 11.136.
Was customer data affected?
There is no evidence of data compromise. This was a preventative security update, not a breach notification.
cPanel Servers