cPanel & WHM Critical Authentication Vulnerability Identified
- Apr 29

A critical authentication vulnerability in cPanel and WHM surfaced on April 28, 2026. It affects every currently supported version of the control panels that thousands of businesses rely on to run their websites, email, databases, and e-commerce stores.
If you manage or rely on cPanel-hosted environments, this is not a theoretical risk. An attacker could bypass login entirely and gain full administrative access. The window for exploitation is narrow, but the consequences for operations and compliance are immediate.
What the cPanel Vulnerability Actually Is
cPanel’s own security bulletin describes the issue as a flaw in “various authentication paths.” Namecheap, one of the largest affected hosting providers, called it an “authentication login exploit” that could let unauthorized users reach the control panel without credentials.
No public technical details have been released—smart, because full disclosure would hand attackers a ready-made weapon. What matters to business leaders is simple: anyone who could reach your cPanel or WHM interface over the internet could potentially take over the entire environment.
Who Is Exposed and Why It Matters
Every server running a supported version of cPanel or WHM is affected until patched. That includes shared hosting accounts, VPS servers, and dedicated boxes used by small and mid-sized companies across retail, professional services, healthcare, and manufacturing.
If your marketing team, developers, or third-party agencies log in to manage websites or email, the exposure is real. Many Los Angeles-area businesses we work with still use cPanel because it’s familiar and cost-effective—until a flaw like this turns a convenience into a liability.
The Real Business Impact of an Unpatched Server
Think beyond “technical glitch.” Full control of cPanel means an attacker can:
- Change or delete websites and customer data
- Access email accounts and send phishing from your domain
- Install persistent backdoors or redirect traffic to malicious sites
- Exfiltrate databases containing client information, payment details, or proprietary files
For a business in Southern California handling customer data, that quickly triggers CCPA notification requirements, potential fines, and immediate loss of trust. Downtime during an incident also means lost revenue, disrupted operations, and hours of emergency coordination with your hosting provider, legal counsel, and insurance carrier.
We’ve seen similar compromises turn routine hosting into a multi-week incident response project. The difference this time is the exploit was disclosed publicly, so attackers are already scanning for vulnerable servers.
Immediate Steps to Patch and Contain the Risk
Run the Emergency Update
Log in to your server as root (or ask your hosting provider to do it) and execute:
    /scripts/upcp --force
This forces cPanel to pull the patched versions:
- 11.110.0.97
- 11.118.0.63
- 11.126.0.54
- 11.132.0.29
- 11.136.0.5
- 11.134.0.20
After the update finishes, verify with:
    /usr/local/cpanel/cpanel -V
Apply Temporary Protections If You Can’t Patch Right Away
Several responsible hosting providers blocked TCP ports 2082, 2083, 2086, 2087 (cPanel/WHM) plus webmail and WebDisk ports until the patch rolled out. If you control your firewall, consider the same short-term restriction while you update. It’s inconvenient for legitimate users but far safer than leaving the front door open.
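To confirm that the update step above landed on a patched build, the version string can be compared against the list in this post. The script below is an added example, not cPanel's or the author's code; the function names, the two accepted input formats ("11.126.0.54" and "126.0 (build 54)"), and the rule that a later build on the same tier keeps the fix are assumptions.

```shell
#!/bin/sh
# Added example (not cPanel's code): compare a cPanel version string with
# the patched builds listed in this post.

# Patched builds from the post, as tier:build (tier = major.minor).
PATCHED="110.0:97 118.0:63 126.0:54 132.0:29 134.0:20 136.0:5"

# normalize_version STRING -> prints "major.minor.build" or returns 1.
# Assumption: input looks like "11.126.0.54" or "126.0 (build 54)".
normalize_version() {
  nv=$(printf '%s\n' "$1" | sed -E \
    -e 's/ \(build ([0-9]+)\)$/.\1/' \
    -e 's/^11\.([0-9]+\.[0-9]+\.[0-9]+)$/\1/')
  printf '%s\n' "$nv" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$' || return 1
  printf '%s\n' "$nv"
}

# check_version STRING -> prints patched | vulnerable | unknown-tier | unparsed
# Assumption: a later build on the same tier keeps the fix.
check_version() {
  cv=$(normalize_version "$1") || { echo "unparsed"; return 2; }
  tier=${cv%.*}
  build=${cv##*.}
  for entry in $PATCHED; do
    if [ "${entry%%:*}" = "$tier" ]; then
      if [ "$build" -ge "${entry##*:}" ]; then
        echo "patched"; return 0
      fi
      echo "vulnerable"; return 1
    fi
  done
  # Tier not in the post's list: cannot be judged from this data.
  echo "unknown-tier"; return 3
}

# Constructed sample strings, not output captured from a real server.
for sample in "11.126.0.54" "126.0 (build 53)" "11.136.0.5" "11.130.0.9" "garbage"; do
  printf '%-18s %s\n' "$sample" "$(check_version "$sample")"
done

# On a cPanel host, check the live version reported by the binary.
if [ -x /usr/local/cpanel/cpanel ]; then
  check_version "$(/usr/local/cpanel/cpanel -V)" || true
fi
```

Anything other than "patched" for the live check means the server still needs the update or the temporary port restrictions described above.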
Why a One-Time Patch Isn’t Enough
Patching closes today’s hole. It does not address the broader reality that most businesses treat hosting security as someone else’s problem—until it isn’t.
Operations leaders need visibility into server configuration, patch status, access logs, and third-party dependencies. That requires more than a monthly report from your hosting provider. It requires someone who understands both the technical details and the business consequences.
If you'd like to discuss your hosting security posture, our vCISO services, or your security compliance needs, feel free to reach out. We'll review what you already have in place and share clear, practical recommendations based on experience with similar situations.



