28th April 2026

Temporary Restriction of cPanel/WHM Access (Shared/Reseller Hosting Services)

We are currently responding to a newly disclosed critical authentication vulnerability affecting all supported versions of cPanel & WHM: https://support.cpanel.net/hc/en-us/articles/40073787579671-Critical-Vulnerability-with-cPanel-WHM-Login-Authentication

What’s happening: This vulnerability may allow unauthorized access to cPanel/WHM services. At this time, an official patch has not yet been released by the vendor.

What we’ve done: As a precautionary measure, we have proactively restricted external access to cPanel/WHM control panel, including webmail, across all shared/reseller hosting servers. This mitigation is currently the most effective way to prevent potential exploitation.

Impact:

  • cPanel and WHM web interface access is temporarily unavailable (including control panel and webmail)
  • All other server services remain fully operational (i.e. websites remain functional/loading)
  • No evidence of compromise has been identified on our systems

Next steps: We are closely monitoring the situation and awaiting an official patch release from cPanel. Once available, our team will:

  1. Thoroughly test the patch in a controlled environment
  2. Validate system stability and security
  3. Gradually restore access to cPanel/WHM services once fully verified

We will continue to provide updates as more information becomes available.

We appreciate your understanding as we take these proactive steps to ensure the security and integrity of your services.

UPDATE 3:21 PM PDT:

We’re pleased to share that cPanel & WHM has officially released a patch addressing the previously disclosed authentication vulnerability.

Our team has:

  • Successfully applied the patch across all affected shared and reseller hosting servers
  • Verified system integrity, stability, and security post-deployment
  • Restored external access to all previously restricted services

Current status:

  • cPanel, WHM, and webmail access have been fully restored
  • All services are operating normally
  • No evidence of compromise was identified at any point during this incident

Resolution:

This incident is now considered fully resolved.

We appreciate your patience and understanding while we took these proactive steps to protect your services.