cPanel and WHM Critical Auth Bypass Vulnerability Patched

Severity: High (Score: 72.2)

Sources: Securityaffairs.Co, Gbhackers, Cybersecuritynews, support.cpanel.net, Bleepingcomputer

Summary

A critical authentication vulnerability affecting all supported versions of cPanel and WHM was disclosed on April 28, 2026. This flaw allows attackers to gain unauthorized access to the control panel, posing significant risks to web hosting servers. The vulnerability has not been assigned a CVE identifier, and no technical details have been publicly disclosed. cPanel has issued an emergency update requiring administrators to run a specific command to apply the patch. Hosting providers, including Namecheap, temporarily blocked access to affected ports to protect customers until the patch was available. Administrators are urged to update immediately to prevent potential exploitation, as attackers could control hosting accounts and deploy malicious activities. The scope of impact is broad, affecting numerous web hosting providers and their customers. As of now, the vulnerability has been patched, but the lack of attribution raises concerns about future exploitation. Key Points: • A critical authentication vulnerability in cPanel and WHM has been patched. • The flaw affects all supported versions, allowing unauthorized access to control panels. • Administrators must execute a specific command to apply the emergency patch immediately.

Key Entities

• Zero-day Exploit (attack_type)
• cPanel (platform)
• Linux (platform)
• Web Host Manager (platform)
• WP Squared (platform)
• Namecheap (company)
• WebPros International (company)
• CWE-287 - Improper Authentication (cwe)
• 11.132.0.29 (ipv4)
• 11.134.0.20 (ipv4)
• 11.136.0.5 (ipv4)
• 11.136.1.7 (ipv4)
• T1059.004 - Unix Shell (mitre_attack)
• T1505.003 - Web Shell (mitre_attack)