Funio incident

Critical authentication vulnerability affecting cPanel

Notice Resolved View vendor source →
Started
Apr 28, 2026, 08:34 PM UTC
Resolved
Apr 29, 2026, 05:30 PM UTC
Duration
20h 56m
Detected by Pingoru
Apr 28, 2026, 08:34 PM UTC

Affected components

Shared HostingVPS

Update timeline

  1. investigating Apr 28, 2026, 08:34 PM UTC

    cPanel has published a notice of a critical authentication vulnerability affecting supported versions of cPanel & WHM. As a precaution, we have temporarily restricted external access to cPanel and WHM at the network edge while cPanel prepares a patch. cPanel identifies this firewall restriction as the current recommended workaround. During this time, customers will be unable to access: • cPanel via ports 2082 and 2083 • WHM via ports 2086 and 2087 • Webmail via ports 2095 and 2096 • Webdisk via ports 2077 and 2078 In addition, service (proxy) subdomains may be impacted, including: • cpanel.yourdomain.com • whm.yourdomain.com • webmail.yourdomain.com • webdisk.yourdomain.com These “proxy subdomains” are simply friendly shortcuts that redirect to your server’s login services (like cPanel or webmail) without requiring a port number. Because they ultimately rely on the same underlying access points, they may not function during this restriction. This does not indicate an outage of hosted websites, email delivery, DNS, FTP, or database services. Those services are expected to continue operating normally. We are monitoring cPanel’s patch release and will restore access once the vulnerability has been addressed and we have completed validation. You may read more about this vulnerability here: https://support.cpanel.net/hc/en-us/articles/40073787579671-Critical-Vulnerability-with-cPanel-WHM-Login-Authentication Thank you for your patience while we take this precaution to protect customer environments.

  2. monitoring Apr 29, 2026, 05:11 PM UTC

    We deployed the cPanel patch across all shared hosting and VPS environments last night. As a precaution, we are continuing to monitor both cPanel’s status and our servers to ensure the patch has been fully and permanently applied. Following this observation period, we have begun lifting all previously implemented restrictions on our Shared Hosting services. VPS environments will follow shortly.

  3. resolved Apr 29, 2026, 05:30 PM UTC

    We have lifted all previously previously implemented restrictions on our VPS environment.

Looking to track Funio downtime and outages?

Pingoru polls Funio's status page every 5 minutes and alerts you the moment it reports an issue — before your customers do.

  • Real-time alerts when Funio reports an incident
  • Email, Slack, Discord, Microsoft Teams, and webhook notifications
  • Track Funio alongside 5,000+ providers in one dashboard
  • Component-level filtering
  • Notification groups + maintenance calendar
Start monitoring Funio for free

5 free monitors · No credit card required