Urgent: Critical cPanel Authentication Flaw Discovered – Patch Now

Key Takeaways

• cPanel has issued security updates for multiple supported versions to fix an authentication‑related vulnerability that could allow unauthorized access to the control panel.
• The affected versions are 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.136.0.5, and 11.134.0.20; all currently supported releases are impacted.
• Namecheap disclosed that the flaw pertains to an authentication login exploit and, as a precaution, has blocked TCP ports 2083 and 2087 via a firewall rule, temporarily restricting customer access to cPanel and WHM interfaces.
• Namecheap’s support team confirmed that, as of April 29 2026 02:42 UTC, the official patch has been deployed on Reseller, Stellar Business, and other servers, with access restored immediately after successful installation.
• Users running unsupported or outdated cPanel versions should prioritize upgrading to a supported release, as those systems may also be vulnerable even if not listed in the advisory.

Overview of the cPanel Security Advisory

On Tuesday, cPanel released an alert announcing that a security issue affecting various authentication paths had been addressed in recent builds of its control‑panel software. The vendor emphasized that all currently supported versions are susceptible to the flaw, prompting the release of patches across several maintenance streams. Although cPanel withheld technical specifics, the advisory urged administrators to apply the updates promptly to mitigate potential exploitation.

Versions Receiving the Patch

The update is available for the following cPanel releases:

• 11.110.0.97
• 11.118.0.63
• 11.126.0.54
• 11.132.0.29
• 11.136.0.5
• 11.134.0.20

These builds correspond to the latest maintenance levels for the respective major versions (11.110 through 11.136). cPanel’s note that “if your server is not running a supported version … it is highly recommended that you work toward updating your server as soon as possible” signals that even systems outside this list may be at risk if they remain outdated.

Namecheap’s Disclosure of the Vulnerability

While cPanel kept the details of the issue under wraps, the web‑hosting and domain‑registration company Namecheap provided additional context. According to Namecheap’s statement, the vulnerability relates to an authentication login exploit that could permit an attacker to gain unauthorized entry to the cPanel or WHM interface. Such access would allow malicious actors to manipulate hosting accounts, alter DNS records, install unwanted software, or exfiltrate sensitive data.

Precautionary Measures Implemented by Namecheap

As an interim safeguard, Namecheap applied a firewall rule designed to block traffic on TCP ports 2083 and 2087, the standard ports used for cPanel (secure) and WHM (Web Host Manager) access, respectively. This action temporarily limits customers’ ability to reach their control panels while the vendor’s patch is being rolled out. Namecheap clarified that the restriction is precautionary and temporary, emphasizing that normal access will be reinstated once the official fix is successfully applied to each server.

Patch Deployment Status

Namecheap’s support team reported that, as of April 29 2026 at 02:42 a.m. UTC, the official cPanel patch had been applied to Reseller, Stellar Business servers, and the remaining infrastructure under its management. The company noted that access to control panels would be restored immediately after the patch’s successful deployment on each host. This timeline indicates a swift response, with the mitigation window lasting only a few hours for most customers.

Recommendations for cPanel Administrators

For administrators managing their own cPanel installations, the advisory carries clear guidance:

1. Verify Current Version – Use the command /usr/local/cpanel/cpanel -V or check the WHM interface to confirm which build is running.
2. Apply the Latest Update – If the version matches one of the listed patched releases, run the standard update script (/scripts/upcp) or use WHM’s “Upgrade to Latest Version” feature.
3. Upgrade Unsupported Systems – Servers operating on end‑of‑life releases should be migrated to a supported branch as soon as feasible, since they may also expose the authentication flaw.
4. Monitor Logs – Review /var/log/cpanel and /var/log/secure for anomalous login attempts, especially from unfamiliar IP addresses, during and after the update process.
5. Consider Additional Hardening – While the patch resolves the specific authentication vector, enabling two‑factor authentication (2FA) for WHM/cPanel users and restricting access to trusted IP ranges via firewall rules adds defense‑in‑depth.

Potential Impact if Left Unpatched

An authentication bypass in a control‑panel platform such as cPanel can have cascading consequences. Unauthorized entry may lead to:

• Account Hijacking – Attackers could reset passwords, add email forwarders, or create sub‑accounts for illicit purposes.
• Data Exfiltration – Access to file managers, databases, and backup utilities enables the theft of website code, customer information, or proprietary content.
• Service Disruption – Malicious actors might delete critical files, alter DNS zones, or suspend services, causing downtime for hosted domains.
• Further Network Penetration – Control‑panel access often provides a pivot point to the underlying server OS, facilitating privilege escalation or lateral movement within a hosting provider’s infrastructure.

Given these risks, the timely application of the released patches is essential for maintaining the integrity and security of hosted environments.

Conclusion

The cPanel security advisory issued on April 29 2026 highlights a significant authentication‑related vulnerability affecting all supported releases. While cPatch details were withheld, Namecheap’s disclosure clarified that the issue involves an exploitable login mechanism, prompting the hoster to block cPanel/WHM ports temporarily as a precaution. Patches have now been applied across Namecheap’s infrastructure, restoring customer access promptly. Administrators are urged to verify their cPanel version, apply the updates without delay, and consider upgrading any legacy systems to supported releases. By adhering to these steps, hosting providers and server owners can mitigate the risk of unauthorized control‑panel access and protect the services they deliver to end users.