Critical Vulnerability with cPanel & WHM Login Authentication

Update timeline

1. identified Apr 28, 2026, 07:15 PM UTC

   We are aware of a critical security vulnerability affecting cPanel/WHM login authentication method, as outlined in the official cPanel link below: https://support.cpanel.net/hc/en-us/articles/40073787579671-Critical-Vulnerability-with-cPanel-WHM-Login-Authentication Direct access to cPanel (port 2083) and WHM (port 2087) may be temporarily unavailable from public networks until the exploit has been patched. Services and websites remain fully operational. We will continue to monitor the situation closely and will provide updates as necessary. We apologize for any inconvenience caused and thank you for your patience and understanding.

2. identified Apr 28, 2026, 07:20 PM UTC

   We are continuing to work on a fix for this issue.

3. identified Apr 28, 2026, 08:07 PM UTC

   We are continuing to work on a fix for this issue.

4. identified Apr 28, 2026, 08:24 PM UTC

   We are continuing to work on a fix for this issue.

5. monitoring Apr 28, 2026, 10:34 PM UTC

   cPanel has released a patch for the recently identified authentication vulnerability, and we have applied it to all shared hosting servers and managed VPS environments. WHM, cPanel, and Webmail ports are now fully accessible on these systems. Please note that these ports remain temporarily restricted on unmanaged Linux VPS servers. If your VPS is affected, a manual update may be required. You can follow the official cPanel guide here: https://support.cpanel.net/hc/en-us/articles/40073787579671-Critical-Vulnerability-with-cPanel-WHM-Login-Authentication We apologize for any inconvenience caused and thank you for your patience.

6. resolved Apr 29, 2026, 12:22 PM UTC

   This incident has been resolved.