Ethical Hacking News
A critical authentication bug has been discovered in all supported versions of cPanel, affecting millions of servers worldwide. The bug allows attackers to gain unauthorized access to the control panel, highlighting the need for regular security updates and monitoring of web hosting control panels.
The latest patch from cPanel highlights the need for regular security updates in maintaining server security. A critical authentication bug was identified in all supported versions of cPanel, including several recent releases. cPanel has released security updates to address the vulnerability and urges administrators to apply them immediately. Namecheap applied a temporary firewall rule to limit access to affected services until a full patch is released. Administrators are advised to update their server to a supported version of cPanel as soon as possible.
In a significant security update for web hosting control panels, cPanel has announced that all its supported versions have been affected by a critical authentication bug. The vulnerability allows attackers to gain unauthorized access to the control panel, posing serious risks for exposed servers.
cPanel, a widely used web hosting control panel, lets users manage websites and servers through a graphical interface instead of command-line tools. However, this latest patch highlights the need for regular security updates in maintaining server security.
The critical authentication bug was identified in all supported versions of cPanel, including 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.136.0.5, and 11.134.0.20.
cPanel has released security updates to address the critical authentication vulnerability that could allow attackers to gain unauthorized access to its control panel. The company urges administrators to apply updates immediately to reduce the risk of compromise.
Additionally, Namecheap applied a temporary firewall rule blocking TCP ports 2083 and 2087, limiting access to cPanel and WHM until a full patch is released. This measure may block access to cPanel and WHM and disrupt Webmail, Webdisk, and both SSL and non-SSL connections during this period.
"We regret to inform you that a critical security vulnerability has been identified in cPanel software affecting all currently supported versions," reads the advisory. "This vulnerability relates to an authentication login exploit that could allow unauthorized access to the control panel." The company claims that the fix has been successfully applied to all remaining servers as of April 29, 2026.
To minimize potential exposure, administrators are advised to update their server to a supported version of cPanel as soon as possible. If your server is not running a supported version of cPanel that is eligible for this update, it is highly recommended that you work towards updating your server as soon as possible, as it may also be affected.
In light of the critical security vulnerability in cPanel, it is essential to prioritize regular security updates and monitoring of web hosting control panels. This ensures that administrators can promptly address potential vulnerabilities and minimize exposure to security threats.
Related Information:
https://www.ethicalhackingnews.com/articles/All-Supported-cPanel-Versions-Hit-by-Critical-Authentication-Bug-Now-Patched-ehn.shtml
https://securityaffairs.com/191465/security/all-supported-cpanel-versions-hit-by-critical-auth-bug-now-patched.html
Published: Wed Apr 29 10:14:26 2026 by llama3.2 3B Q4_K_M
