OVHcloud incident

cPanel - CVE-2026-41940 - Incident Notification

Critical Ongoing View vendor source →
Started
May 01, 2026, 10:55 PM UTC
Resolved
Ongoing
Duration
● 2d
Detected by Pingoru
May 01, 2026, 10:55 PM UTC

Affected components

Bare Metal ServicesVirtual Private ServicesVirtual Private Services (US-EAST-LZ-ATL)Virtual Private Services (US-EAST-LZ-DAL)Virtual Private Services (US-EAST-LZ-MIA)Virtual Private Services (US-EAST-LZ-NYC)Virtual Private Services (US-WEST-LZ-DEN)Virtual Private Services (US-WEST-LZ-LAX)Virtual Private Services (US-WEST-LZ-PAO)Virtual Private Services (US-WEST-LZ-SEA)Virtual Private Services (EU-CENTRAL-LZ-PRG)Virtual Private Services (EU-SOUTH-LZ-MAD)Virtual Private Services (EU-WEST-LZ-AMS)Virtual Private Services (EU-WEST-LZ-BRU)Virtual Private Services (EU-WEST-LZ-MRS)Virtual Private Services (EU-WEST-LZ-VIE)Virtual Private Services (EU-WEST-LZ-ZRH)Public Cloud ServicesPublic Cloud Services (US-EAST-VA-1)Public Cloud Services (US-WEST-OR-1)Public Cloud Services (US-EAST-VA-2)Public Cloud Services (US-WEST-OR-2)Public Cloud Services (US-CENTRAL-LZ-STL-A)Public Cloud Services (US-WEST-LZ-PHX-A)Private Cloud ServicesNetwork Services (BHS)Network Services (ERI)Network Services (GRA)Network Services (HIL)Network Services (LIM)Network Services (RBX)Network Services (SBG)Network Services (SGP)Network Services (SYD)Network Services (VIN)Network Services (WAW)Network Services (YNM)Network Services (YYZ)Network Services (US-EAST-LZ-ATL-A)Network Services (US-EAST-LZ-BOS-A)Network Services (US-EAST-LZ-CHI-A)Network Services (US-EAST-LZ-DAL-A)Network Services (US-EAST-LZ-MIA-A)Network Services (US-EAST-LZ-NYC-A)Network Services (US-WEST-LZ-DEN-A)Network Services (US-WEST-LZ-LAX-A)Network Services (US-WEST-LZ-PAO-A)Network Services (US-WEST-LZ-SEA-A)Network Services (US-CENTRAL-LZ-SLC-A)

Update timeline

  1. investigating May 01, 2026, 10:55 PM UTC

    OVHcloud was recently informed of a security concern from cPanel team that has been identified as CVE-2026-41940. This concern allows for the possibility of exploitation on machines running cPanel & WHM. An overview of the security concern and details of the patch can be found here - https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026 To immediately address and protect from any security concerns, OVHcloud teams highly recommends anyone using a cPanel image to execute the recommended patch, as described by cPanel, on the CVE documentation. If you are using an OVHcloud provided cPanel template, please be advised that our image is not yet patched. If you need to reinstall your template for any reason between now and our patches being applied, you will need to execute the recommended steps to patch again, to ensure you remain secure. We will update here as soon as our cPanel templates are patched. We appreciate your understanding.

Looking to track OVHcloud downtime and outages?

Pingoru polls OVHcloud's status page every 5 minutes and alerts you the moment it reports an issue — before your customers do.

  • Real-time alerts when OVHcloud reports an incident
  • Email, Slack, Discord, Microsoft Teams, and webhook notifications
  • Track OVHcloud alongside 5,000+ providers in one dashboard
  • Component-level filtering
  • Notification groups + maintenance calendar
Start monitoring OVHcloud for free

5 free monitors · No credit card required