cPanel and WHM Critical Auth Bypass Vulnerability Patched

cPanel and WHM Critical Auth Bypass Vulnerability Patched

First seen 29 Apr 2026, 08:08 UTC GbhackersCybersecuritynewsSecurityaffairs.CoBleepingcomputersupport.cpanel.net+39 87% similarity 72.2

Article Content

Browse articles
ThreatCluster

A critical authentication vulnerability affecting all supported versions of cPanel and WHM was disclosed on April 28, 2026. This flaw allows attackers to gain unauthorized access to the control panel, posing significant risks to web hosting servers. The vulnerability has not been assigned a CVE identifier, and no technical details have been publicly disclosed. cPanel has issued an emergency update requiring administrators to run a specific command to apply the patch. Hosting providers, including Namecheap, temporarily blocked access to affected ports to protect customers until the patch was available. Administrators are urged to update immediately to prevent potential exploitation, as attackers could control hosting accounts and deploy malicious activities. The scope of impact is broad, affecting numerous web hosting providers and their customers. As of now, the vulnerability has been patched, but the lack of attribution raises concerns about future exploitation.

Key Points: • A critical authentication vulnerability in cPanel and WHM has been patched. • The flaw affects all supported versions, allowing unauthorized access to control panels. • Administrators must execute a specific command to apply the emergency patch immediately.

ThreatCluster AI

Timeline

2026-04-28
cPanel discloses critical authentication vulnerability.
2026-04-28
Emergency patch released for cPanel and WHM.
2026-04-29
Namecheap blocks access to affected ports.

Community

Browse all →