Security & Infrastructure Tools

cPanel, WHM emergency update fixes critical auth bypass bug

cPanel and WHM issued an emergency update to fix a critical authentication bypass vulnerability that could grant unauthorized access to the hosting control panel. Admins must run the manual patch command (/scripts/upcp --force) to upgrade to patched builds (11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, 11.136.0.5). Namecheap temporarily blocked WHM/cPanel ports 2083 and 2087 to protect users until patches were available, and users on unsupported versions should upgrade immediately. If exploited, the flaw could let attackers fully control hosting accounts, plant backdoors, and conduct other malicious activities.

TechLogHub

April 29, 2026

Keep Reading

Security & Infrastructure ToolsJun 12, 2026

Ukrainian national pleads guilty to role in Conti ransomware operation

A Ukrainian national extradited from Ireland to the United States pleaded guilty to conspiracy to commit wire fraud in connection with the Conti ransomware operation, admitting to joining the group in September 2021 and possessing data stolen from eight U.S. victims and four overseas victims. He helped code a loader used in attacks and faces up to 20 years in prison. Conti, linked to TrickBot, targeted more than 1,000 victims and collected over $150 million in ransom before disbanding in 2022.

Security & Infrastructure ToolsJun 12, 2026

Over 400 Arch Linux packages compromised to push rootkit, infostealer

More from the Blog

View all

Security & Infrastructure Tools

Microsoft Adds Copilot Data Controls to All Storage Locations

Microsoft is expanding its data‑loss prevention controls to block the Microsoft 365 Copilot AI assistant from processing confidential Word, Excel and PowerPoint documents regardless of where they are stored—whether on local devices or in SharePoint/OneDrive. The update will be deployed through the Augmentation Loop (AugLoop) Office component between late March and late April 2026, automatically enabling the restriction for organizations that already have DLP policies set to block Copilot from handling sensitivity‑labeled content. This change follows a bug that had allowed Copilot to summarize confidential emails in users’ Sent Items and Drafts folders despite active DLP protections.

Feb 25, 2026

Security & Infrastructure Tools

Previously harmless Google API keys now expose Gemini AI data

Stay Updated

Get the next deep dive in your inbox

Subscribe for product analysis, engineering explainers, and practical guides published on TechLogHub.

Stay Updated

Get weekly insights, product updates, and launches straight to your inbox.

CPanel and WHM Emergency Update: Fix for Critical Authentication Bypass

OverviewA severe vulnerability affecting a broad range of cPanel and WebHost Manager (WHM) installations was disclosed, capable of bypassing authentication and granting direct access to the control panel. The issue has prompted an emergency update from the vendor, with a manual update required to obtain the patched software. The flaw underscores the critical importance of keeping control plane software current, especially for hosting environments where both server-level and site-level management are intertwined.

Scope of the Issue

Affected products: cPanel and WHM, popular Linux-based hosting control panels used to manage servers, websites, and email services.
Impact: An attacker could reach the cPanel/WHM interfaces without providing valid credentials, enabling full administrative access to websites, data, and server configuration.
Public disclosures: The problem was acknowledged by major hosting providers and confirmed by a security bulletin issued by the vendor. The vulnerability was described as an authentication login exploit with potential for unauthorized control over the hosting environment.
Immediate responses: In the wake of the disclosure, a hosting provider briefly restricted access to the management ports used by WHM and cPanel to protect customers while patches were being prepared.

Versions with PatchesThe vendor published a security bulletin identifying patched product versions. Administrators running affected releases should upgrade to a patched build to mitigate the vulnerability:

11.110.0.97
11.118.0.63
11.126.0.54
11.132.0.29
11.134.0.20
11.136.0.5

These versions include the fixes that close the authentication bypass and restore normal, secure operation of the control panels. Systems on unsupported versions are not eligible for official security updates and should be upgraded to a supported release as soon as possible.

How the Patch Works

Update mechanism: The patch requires running the official update process to install the fixed code. In practice, administrators are instructed to force the update process to ensure the patched components are loaded, even if the system reports that it is already up to date.
Command to apply: Administrators should execute the update command with a force option to pull in the patched versions. This ensures that the patched binaries and configuration are loaded and active.
Verification: After the update completes, administrators should verify that the installed versions match one of the patched releases listed above and that the control panel passwords, sessions, and access controls are functioning as expected.

Operational Risk and Potential Scenarios

What an attacker could do: Gaining access to cPanel or WHM would give the intruder control over the hosting account and server environment. This could include managing websites and data, configuring email, planting backdoors or web shells, redirecting traffic, exfiltrating sensitive files, or using the server for spam, phishing, or malware delivery.
Server-wide impact: Since WHM provides access to the entire server, a compromised instance could enable persistence on the machine, allowing continued malicious activity across all websites and services hosted on that server.
Real-world signals of risk: When a vulnerability with authentication bypass becomes public, hosting providers may temporarily block or limit access to management ports to minimize exposure while patches are deployed.

Guidance for Administrators and Operators

Patch promptly: If you run a version that has a patched release available, apply the update using the force-enabled update pathway to ensure the fix is installed.
Upgrade where needed: If your environment is on an older, unsupported release, plan a migration to a supported version as part of a broader maintenance window.
Validate access controls: After applying patches, test login flows to confirm that authentication behaves as intended and that there are no new permission anomalies.
Monitor management interfaces: Keep an eye on access patterns to cPanel and WHM, especially during the window when patches were released and applied, to detect any unusual activity.
Contain exposure: If patching cannot be completed immediately across all systems, consider temporarily restricting access to management interfaces or placing affected servers behind network-level controls until patches are in place.

Context and Aftermath

Company and platform context: cPanel and WHM are central to many hosting stacks, offering standardized interfaces and deep integration with common server setups. Their wide deployment means that a critical authentication flaw has broad implications for hosting providers and end users.
Public attribution: At the time of disclosure, the vulnerability had not been publicly assigned an official identifier, and no formal tracking ID had been announced. Despite the lack of a public identifier, the reported severity prompted rapid patching and precautionary measures by major service providers.
Related security activity: The incident sits among other authentication bypass disclosures that have highlighted the need for timely updates and rigorous access controls in web hosting environments. The situation reinforced best practices around patch management and monitoring of control-plane components.

What This Means for the Industry

Emphasis on patch velocity: The emergency update underscores the importance of rapid response to authentication bypass flaws in widely used control panels. Vendors, hosting providers, and administrators alike must maintain agile update and validation processes.
Risk awareness for multi-point access: The convergence of server-level and site-level control interfaces means a single vulnerability can cascade. Strengthening authentication mechanisms, monitoring, and segmentation remains critical.
Importance of early defense: Blocking or restricting access to management endpoints during vulnerability windows can limit exposure, buying time for patches to be deployed without giving attackers a foothold.

Closing ReflectionsThe cPanel and WHM emergency update represents a significant reminder of the ongoing threat landscape facing hosting environments. When trusted management interfaces are exposed to the internet, even a small vulnerability can have outsized consequences. By applying patched releases, verifying installed versions, and maintaining a disciplined patching routine, administrators can reduce the risk of credential-based compromise and preserve the integrity of websites, data, and server operations across their hosting infrastructure.

cPanel, WHM emergency update fixes critical auth bypass bug

Related Posts

Ukrainian national pleads guilty to role in Conti ransomware operation

Over 400 Arch Linux packages compromised to push rootkit, infostealer

More from the Blog

Microsoft Adds Copilot Data Controls to All Storage Locations

Previously harmless Google API keys now expose Gemini AI data

Get the next deep dive in your inbox

Stay Updated

Early Warning Signs of Supply-Chain Attacks Live in the Dark Web

Microsoft says bug in classic Outlook hides the mouse pointer

Product

Learn

Company

Legal

Stay Updated

Browse by Category

What's New