Authentication bypass vulnerability in cPanel patched across supported versions

First reported

29.04.2026 12:37

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

cPanel released security updates addressing an authentication bypass vulnerability affecting all supported versions of its control panel software. The flaw could allow an attacker to gain unauthorized access to cPanel and WebHost Manager (WHM) interfaces, potentially leading to server compromise, data exposure, or malicious account creation. The impacted versions span multiple release branches, and servers running outdated or unsupported builds are also at risk. Immediate patching is strongly advised due to elevated exploitation potential.

Timeline

29.04.2026 12:37 1 articles · 2h ago

cPanel authentication bypass fixed in supported versions with urgent patch deployment
cPanel released security updates addressing an authentication bypass vulnerability impacting all supported versions of its control panel software. The issue allows unauthorized access to cPanel and WHM interfaces via exploited authentication paths. Namecheap implemented temporary firewall rules blocking access to ports 2083 and 2087 during patch rollout.
Show sources

Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately — thehackernews.com — 29.04.2026 12:37
Open in new tab

Information Snippets

Affected cPanel versions include 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.136.0.5, and 11.134.0.20, covering all currently supported releases.
First reported: 29.04.2026 12:37

1 source, 1 article
Show sources
- Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately — thehackernews.com — 29.04.2026 12:37
The vulnerability enables an authentication bypass, allowing unauthorized access to cPanel and WHM interfaces, which could result in server takeover, data theft, or lateral movement within hosting environments.
First reported: 29.04.2026 12:37

1 source, 1 article
Show sources
- Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately — thehackernews.com — 29.04.2026 12:37
Namecheap applied emergency firewall rules blocking access to cPanel/WHM TCP ports 2083 (HTTPS) and 2087 (HTTP) as a temporary mitigation until official patches are deployed across all systems.
First reported: 29.04.2026 12:37

1 source, 1 article
Show sources
- Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately — thehackernews.com — 29.04.2026 12:37
As of 2026-04-29 02:42 UTC, Namecheap reported patching Reseller and Stellar Business servers and indicated broader deployment of fixes across remaining supported systems.
First reported: 29.04.2026 12:37

1 source, 1 article
Show sources
- Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately — thehackernews.com — 29.04.2026 12:37

Summary

Timeline

cPanel authentication bypass fixed in supported versions with urgent patch deployment

Information Snippets