cPanel has released a security update to address security issues affecting various authentication paths that could allow an attacker to gain access to the control panel software.
According to an alert released by cPanel on Tuesday, the issue affects all currently supported versions. This issue has been resolved in the following versions:
11.110.0.97 11.118.0.63 11.126.0.54 11.132.0.29 11.136.0.5 11.134.0.20
“If your server is not running a supported version of cPanel that is eligible for this update, we strongly recommend that you update your server as soon as possible, as your server may also be affected,” cPanel said.
cPanel did not provide details about the vulnerability, but web hosting and domain registration company Namecheap said it “related to an authenticated login exploit that allows unauthorized access to the control panel.”
As a precaution, the company has applied firewall rules that block access to TCP ports 2083 and 2087, temporarily restricting access to customers’ cPanel and WHM interfaces until a full patch is applied.
“Our team is actively monitoring the situation and will apply official patches to all supported servers as soon as they become available,” Namecheap said. “Access to the Control Panel will be restored immediately after the patch is successfully deployed.”
According to the Namecheap support team, as of April 29, 2026, 2:42 AM (UTC), this fix has been applied to resellers, Stellar Business servers, and other servers.
Source link
