{"id":751,"date":"2026-04-29T11:45:38","date_gmt":"2026-04-29T11:45:38","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=751"},"modified":"2026-04-29T11:45:38","modified_gmt":"2026-04-29T11:45:38","slug":"critical-cpanel-authentication-vulnerability-identified-update-your-server-immediately","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=751","title":{"rendered":"Critical cPanel Authentication Vulnerability Identified \u2014 Update Your Server Immediately"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">Apr 29, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Web Hosting<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiQ54sVYryCG3V_ZjHJwzuKBteLhpf8FnX131rudu9bvgYGDupWYtJHLYxGPjVON072t-CWz4hyQmxQmwIW6ZZzTXsiJhcfRHPBj1ag1H0PeFGB4KkZIAsyhR0bT_DQqCj2uf_a5Yza7VbeBd3xRIvf4VUZ8UBRM2iEY10bk3me9zotLNcLExjSMaoY3y4l\/s1700-e365\/cpanel.jpg\" style=\"display: block;  text-align: center; clear: left; float: left;\"><\/a><\/div>\n<p>cPanel has <a href=\"https:\/\/support.cpanel.net\/hc\/en-us\/articles\/40073787579671-cPanel-WHM-Security-Update-04-28-2026\">released<\/a> security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software.<\/p>\n<p>The problem affects all currently supported versions, according to an alert released by cPanel on Tuesday. The issue has been addressed in the following versions &#8211;<\/p>\n<ul>\n<li>11.110.0.97<\/li>\n<li>11.118.0.63<\/li>\n<li>11.126.0.54<\/li>\n<li>11.132.0.29<\/li>\n<li>11.136.0.5<\/li>\n<li>11.134.0.20<\/li>\n<\/ul>\n<div class=\"dog_two clear\">\n<div class=\"cf\"><a href=\"https:\/\/thehackernews.uk\/ai-security-guide-d-1\" rel=\"nofollow noopener sponsored\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjRxP56rpa2W0O_0yc0xgs5l2r4FRV4Wiuq3IqWuFdsd_4g1c3oRVXoHtW9gxo8ObuxmyjqkAf3cD6N1JbVDos7QX99ZHtmeVrg-FUzSnMZLTl1ZFyiSkpqQiw6BcHXz52jr3s42xWEDFOpwWK6HgXOqscGMNkhA5pZK7h6zVV4dpDaLfgy17TidZXVrtUB\/s728-e100\/nudge-d-1.jpg\" width=\"729\" height=\"91\"\/><\/a><\/div>\n<\/div>\n<p>\u00abIf your server is not running a supported version of cPanel that is eligible for this update, it is highly recommended that you work toward updating your server as soon as possible, as it may also be affected,\u00bb cPanel noted.<\/p>\n<p>While cPanel did not share any details about the vulnerability, web hosting and domain registration company Namecheap <a href=\"https:\/\/www.namecheap.com\/status-updates\/ongoing-critical-security-vulnerability-in-cpanel-april-28-2026\/\">disclosed<\/a> that it \u00abrelates to an authentication login exploit that could allow unauthorized access to the control panel.\u00bb<\/p>\n<p>As a precautionary measure, the company has applied a firewall rule to block access to TCP ports 2083 and 2087, a move it said will temporarily restrict customer access to their cPanel and WHM interfaces until a full patch is applied.<\/p>\n<p>\u00abOur team is actively monitoring the situation and will apply the official patch across all supported servers as soon as it becomes available,\u00bb Namecheap noted. \u00abAccess to your control panels will be restored immediately once the patch has been successfully deployed.\u00bb<\/p>\n<p>As of April 29, 2026, 02:42 a.m. UTC, the fix has been applied to Reseller, Stellar Business servers, and the rest, according to the Namecheap Support Team.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ue804Ravie Lakshmanan\ue802Apr 29, 2026Vulnerability \/ Web Hosting cPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to&hellip;<\/p>\n","protected":false},"author":1,"featured_media":752,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[396,1465,58,1466,1467,518,1029,68],"class_list":["post-751","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-authentication","tag-cpanel","tag-critical","tag-identified","tag-immediately","tag-server","tag-update","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/751","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=751"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/751\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/752"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=751"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=751"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=751"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}