Emergency patch issued for critical authentication bypass in cPanel and WHM control panels

1 unique source, 1 article

Summary


A critical authentication bypass vulnerability in cPanel and WebHost Manager (WHM) allowed unauthenticated access to control panels across multiple versions, exposing servers to complete compromise. The flaw affected all supported cPanel/WHM versions prior to specific patched releases, enabling attackers to gain administrative control over websites, databases, emails, and entire server environments without credentials. The vendor released emergency updates, which administrators install by running an update command manually, while a major hosting provider temporarily blocked access to WHM/cPanel ports as a precaution.

Timeline

  1. 29.04.2026 18:51 · 1 article

    Critical authentication bypass in cPanel/WHM patched in emergency update

    cPanel and WHM released emergency patches addressing a critical authentication bypass vulnerability affecting all supported versions prior to specified releases. The vendor advised administrators to execute /scripts/upcp --force to install patched versions. No public technical details or exploit code are available, and no tracking identifier has been assigned.


Information Snippets

  • The vulnerability impacted all supported cPanel and WHM versions prior to specific patched releases (11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.136.0.5, 11.134.0.20).

    First reported: 29.04.2026 18:51
    1 source, 1 article
  • Exploitation enabled unauthenticated access to cPanel, allowing full control over websites, databases, emails, and webmail interfaces.

    First reported: 29.04.2026 18:51
    1 source, 1 article
  • WHM access granted administrative control over the entire server, enabling account creation/deletion, persistent access establishment, and malicious activities such as proxy traffic, spam, and malware delivery.

    First reported: 29.04.2026 18:51
    1 source, 1 article
  • The vendor recommended running the command /scripts/upcp --force to force an update to a patched version, bypassing version checks.

    First reported: 29.04.2026 18:51
    1 source, 1 article
  • A major hosting provider, Namecheap, temporarily blocked ports 2083 and 2087 (WHM/cPanel) to mitigate exposure until patches were applied.

    First reported: 29.04.2026 18:51
    1 source, 1 article
  • No public technical details, exploit code, or tracking identifier (e.g., CVE) has been assigned or disclosed as of publication.

    First reported: 29.04.2026 18:51
    1 source, 1 article
  • Unsupported cPanel versions are ineligible for security updates; administrators are advised to upgrade to a supported version.

    First reported: 29.04.2026 18:51
    1 source, 1 article
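
The patched releases listed in the snippets above can be turned into a fleet triage check. The following is an added example, not code from the vendor or the source article; it assumes each listed release is the fixed build for its own branch and compares only the final build number, and the hostnames and inventory in it are constructed.

```shell
#!/bin/sh
# Added example: classify cPanel/WHM versions against the patched releases
# listed on this page. Assumption: each listed release is the fixed build for
# its own branch (e.g. 11.110.0.x); only the last component is compared.
PATCHED="11.110.0.97 11.118.0.63 11.126.0.54 11.132.0.29 11.136.0.5 11.134.0.20"

# classify_version VERSION -> patched | vulnerable | unlisted-branch | invalid
classify_version() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $1                      # split into dot-separated components
    IFS=$oldifs
    [ $# -eq 4 ] || { echo invalid; return 0; }
    branch="$1.$2.$3"; build=$4
    for p in $PATCHED; do
        if [ "${p%.*}" = "$branch" ]; then
            if [ "$build" -ge "${p##*.}" ]; then echo patched; else echo vulnerable; fi
            return 0
        fi
    done
    # Branch not in the page's list: may be unsupported; check with the vendor.
    echo unlisted-branch
}

# triage: reads "host version" lines on stdin, prints "host version status".
# Returns 1 if any host is not confirmed patched.
triage() {
    rc=0
    while read -r host ver; do
        [ -n "$host" ] || continue
        status=$(classify_version "$ver")
        printf '%s %s %s\n' "$host" "$ver" "$status"
        [ "$status" = patched ] || rc=1
    done
    return $rc
}

# Constructed sample inventory (hostnames and versions are made up).
sample_inventory() {
    cat <<'EOF'
web01.example.test 11.110.0.97
web02.example.test 11.126.0.53
web03.example.test 11.136.0.4
web04.example.test 11.102.0.30
EOF
}

sample_inventory | triage || echo "action needed on hosts not marked patched"
```

Hosts reported as vulnerable are candidates for the vendor's /scripts/upcp --force update; hosts on an unlisted branch need a manual check against the vendor's supported-version list.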