239/69 Friday, May 1, 2026
cPanel has released a security update to address an authentication vulnerability that could allow unauthorized access to server control panels. The flaw affects all currently supported versions and poses a significant risk to systems exposed to the internet.
cPanel is a widely used web hosting control panel that enables users to manage websites and servers through a graphical interface rather than command-line tools. The company has issued patches and strongly urges administrators to update immediately to mitigate the risk of exploitation. As a temporary mitigation, Namecheap implemented firewall rules blocking TCP ports 2083 and 2087-used by cPanel and WHM-to reduce exposure. However, this measure may disrupt certain services, including Webmail, Webdisk, and both SSL and non-SSL connections during the mitigation period.
The vulnerability has been fixed in the following versions: 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5. cPanel also noted that systems running end-of-life (EOL) versions should be upgraded as soon as possible, as they may also be affected. As of April 29, 2026, patches have been deployed across the majority of servers, according to reports from Namecheap’s support team.
Source https://securityaffairs.com/191465/security/all-supported-cpanel-versions-hit-by-critical-auth-bug-now-patched.htm