Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately Ravie LakshmananApr 29, 2026Vulnerability / Web Hosting cPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software. The problem affects all currently supported versions, according to an alert released by cPanel on Tuesday. The issue has been addressed in the following versions - 11.110.0.97 11.118.0.63 11.126.0.54 11.132.0.29 11.136.0.5 11.134.0.20 "If your server is not running a supported version of cPanel that is eligible for this update, it is highly recommended that you work toward updating your server as soon as possible, as it may also be affected," cPanel noted. While cPanel did not share any details about the vulnerability, web hosting and domain registration company Namecheap disclosed that it "relates to an authentication login exploit that could allow unauthorized access to the control panel." As a precautionary measure, the company has applied a firewall rule to block access to TCP ports 2083 and 2087, a move it said will temporarily restrict customer access to their cPanel and WHM interfaces until a full patch is applied. "Our team is actively monitoring the situation and will apply the official patch across all supported servers as soon as it becomes available," Namecheap noted. "Access to your control panels will be restored immediately once the patch has been successfully deployed." As of April 29, 2026, 02:42 a.m. UTC, the fix has been applied to Reseller, Stellar Business servers, and the rest, according to the Namecheap Support Team. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  Authentication, cPanel, cybersecurity, Firewall, Namecheap, network security, Patch Management, server security, Vulnerability, web hosting Trending News Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails Why Threat Intelligence Is the Missing Link in CTEM Prioritization and Validation Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities Your MTTD Looks Great. Your Post-Alert Gap Doesn't The Hidden Security Risks of Shadow AI in Enterprises Why Security Leaders Are Layering Email Defense on Top of Secure Email Gateways Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain 108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation Load More ▼ Popular Resources Automate Alert Triage and Investigations Across Every Threat How to Identify Risky Browser Extensions in Your Organization Discover Key AI Security Gaps CISOs Face in 2026 Fix Rising Application Security Risks Driven by AI Development