cPanel Patches Critical Authentication Vulnerability Affecting Control Panel Access
cPanel has released urgent security updates to fix a critical vulnerability in its control panel software that could allow attackers to gain unauthorized access through authentication flaws. The issue impacts all currently supported versions, with patches now available in the following releases:
- 11.110.0.97
- 11.118.0.63
- 11.126.0.54
- 11.132.0.29
- 11.136.0.5
- 11.134.0.20
cPanel warned that unsupported versions may also be vulnerable, urging users to update immediately. While the company did not disclose technical details, web hosting provider Namecheap revealed the flaw involves an authentication exploit targeting login mechanisms.
As a precaution, Namecheap temporarily blocked access to TCP ports 2083 and 2087, disrupting customer access to cPanel and WHM interfaces until the patch was deployed. The company confirmed that fixes were applied to Reseller and Stellar Business servers by April 29, 2026, at 02:42 a.m. UTC, with remaining systems updated shortly after. No active exploitation has been reported.
Source: https://thehackernews.com/2026/04/critical-cpanel-authentication.html
cPanel TPRM report: https://www.rankiteo.com/company/cpanel
Namecheap TPRM report: https://www.rankiteo.com/company/namecheap-inc
"id": "namcpa1777466222",
"linkid": "namecheap-inc, cpanel",
"type": "Vulnerability",
"date": "4/2026",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"{'affected_entities': [{'customers_affected': 'Reseller and Stellar Business '
'server customers',
'industry': 'Web Hosting',
'name': 'Namecheap',
'type': 'Web Hosting Provider'},
{'customers_affected': 'All users of supported and '
'unsupported cPanel versions',
'industry': 'Web Hosting Software',
'name': 'cPanel',
'type': 'Software Provider'}],
'attack_vector': 'Authentication Exploit',
'customer_advisories': 'Namecheap customers were advised of temporary '
'disruptions and subsequent patch deployment.',
'date_resolved': '2026-04-29T02:42:00Z',
'description': 'cPanel has released urgent security updates to fix a critical '
'vulnerability in its control panel software that could allow '
'attackers to gain unauthorized access through authentication '
'flaws. The issue impacts all currently supported versions, '
'with patches now available. The flaw involves an '
'authentication exploit targeting login mechanisms.',
'impact': {'downtime': 'Temporary disruption due to port blocking',
'operational_impact': 'Temporary loss of access to cPanel and WHM '
'interfaces',
'systems_affected': 'cPanel and WHM interfaces'},
'investigation_status': 'No active exploitation reported',
'post_incident_analysis': {'corrective_actions': 'Applied security patches to '
'all affected versions',
'root_causes': 'Authentication flaw in cPanel '
'login mechanisms'},
'recommendations': 'Update to the latest patched versions of cPanel '
'immediately. Users of unsupported versions should also '
'apply updates or migrate to supported versions.',
'references': [{'source': 'cPanel Security Advisory'},
{'source': 'Namecheap Announcement'}],
'response': {'containment_measures': 'Temporarily blocked access to TCP ports '
'2083 and 2087',
'recovery_measures': 'Restored access to cPanel and WHM '
'interfaces after patch deployment',
'remediation_measures': 'Applied security patches to affected '
'versions'},
'title': 'cPanel Critical Authentication Vulnerability Affecting Control '
'Panel Access',
'type': 'Authentication Vulnerability',
'vulnerability_exploited': 'Authentication Flaw in cPanel Login Mechanisms'}