cPanel Discloses Authentication Flaw, Urges Immediate Server Updates

"[It] relates to an authentication login exploit that could allow unauthorized access to the control panel," Namecheap wrote, summarizing the risk announced by cPanel.

cPanel advisory — which versions contain the fix

cPanel released an alert on Tuesday stating that a security issue affecting "various authentication paths" could let an attacker gain access to the control panel software. The company said the problem affects all currently supported versions and published patched builds for those releases. The patched versions are:

  • 11.110.0.97
  • 11.118.0.63
  • 11.126.0.54
  • 11.132.0.29
  • 11.136.0.5
  • 11.134.0.20

cPanel advised that "If your server is not running a supported version of cPanel that is eligible for this update, it is highly recommended that you work toward updating your server as soon as possible, as it may also be affected."

Authentication paths and the access risk

cPanel described the issue as one impacting multiple authentication paths and warned it could allow "an attacker to obtain access to the control panel software." The vendor did not publish technical details of the vulnerability in the advisory. Namecheap — a web hosting and domain registration company — described the vulnerability more bluntly, saying it "relates to an authentication login exploit that could allow unauthorized access to the control panel."

Namecheap's mitigation steps and deployment status

As a precautionary measure, Namecheap applied a firewall rule to block access to TCP ports 2083 and 2087. The company said that blocking those ports will temporarily restrict customer access to their cPanel and WHM interfaces until a full patch is applied. Namecheap stated its team is "actively monitoring the situation and will apply the official patch across all supported servers as soon as it becomes available," and that "Access to your control panels will be restored immediately once the patch has been successfully deployed."

As of April 29, 2026, 02:42 a.m. UTC, Namecheap reported the fix has been applied to Reseller and Stellar Business servers, and "the rest," according to the Namecheap Support Team.

Servers not on supported versions — the immediate decision point

cPanel's advisory explicitly flags servers running unsupported cPanel versions as a potential additional risk. The company recommended that operators of unsupported installations "work toward updating your server as soon as possible," because those systems "may also be affected." For administrators who are not on a supported upgrade path, that recommendation makes an update or other remediation a priority.

What this means for hosting customers, resellers, and security teams

  • Hosting customers: Customers may experience temporary loss of access to cPanel and WHM interfaces while Namecheap's firewall rule is in place; access will be restored once Namecheap applies the official patch to the affected servers.
  • Resellers and Stellar Business accounts: Namecheap reported that its Reseller and Stellar Business servers had already received the fix as of 02:42 a.m. UTC on April 29, 2026, indicating that those classes of accounts were prioritized for deployment.
  • Security and operations teams: Teams managing cPanel instances should verify which cPanel version they run, apply one of the patched versions listed by cPanel if available, and expedite upgrading servers that are no longer supported, per cPanel's guidance.
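
The version check described in the last item, as an added example that is not from cPanel, Namecheap or the original report: it compares collected version strings against the patched builds listed above and separates servers that need the update from those on a release tier with no listed fix. The host names and inventory are constructed, and treating the first three version components as the release tier is an assumption drawn from the list itself.

```python
import re

# Patched builds exactly as listed in the article, keyed by release tier
# (assumption: the first three version components identify the tier).
PATCHED_BUILDS = {
    "11.110.0": 97,
    "11.118.0": 63,
    "11.126.0": 54,
    "11.132.0": 29,
    "11.134.0": 20,
    "11.136.0": 5,
}

VERSION_RE = re.compile(r"(\d+\.\d+\.\d+)\.(\d+)")


def classify(version: str) -> str:
    """Return patched / needs-update / unlisted-tier / unparseable."""
    m = VERSION_RE.fullmatch(version.strip())
    if not m:
        return "unparseable"
    tier, build = m.group(1), int(m.group(2))
    fixed = PATCHED_BUILDS.get(tier)
    if fixed is None:
        # No patched build is listed for this tier. The advisory says such
        # servers "may also be affected", so never report them as patched.
        return "unlisted-tier"
    # Compare builds as integers: as strings, "9" would sort above "20".
    return "patched" if build >= fixed else "needs-update"


def audit(inventory: dict) -> dict:
    """Group host names by status so each group can be actioned together."""
    report = {}
    for host, version in sorted(inventory.items()):
        report.setdefault(classify(version), []).append(host)
    return report


# Constructed inventory: host name -> version string collected from the server.
SAMPLE = {
    "web01.example.test": "11.110.0.97",
    "web02.example.test": "11.110.0.96",
    "web03.example.test": "11.136.0.5",
    "web04.example.test": "11.102.0.31",
    "web05.example.test": "11.134.0.9\n",
    "web06.example.test": "unknown",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```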

The immediate record is straightforward: cPanel published patched builds for all currently supported releases, and Namecheap put temporary port-level blocks in place while it rolled the fixes across its infrastructure. Two facts remain central for administrators and customers alike — the vulnerability targets authentication mechanisms, and systems not on a supported cPanel release are explicitly called out as potentially affected. For now, the practical steps are clear: apply the listed updates on supported installations and push unsupported servers toward a supported release so they can receive the same protection.

Original reporting: https://thehackernews.com/2026/04/critical-cpanel-authentication.html