Full Report
cPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software. The problem affects all currently supported versions, according to an alert released by cPanel on Tuesday. The issue has been addressed in the following versions - 11.110.0.97 11.118.0.63 11.126.0.54 11.132.0.29
Analysis Summary
# Vulnerability: cPanel Critical Authentication Bypass
## CVE Details
- **CVE ID**: Not explicitly provided (Vendor released as a security update/advisory)
- **CVSS Score**: Not provided (Categorized as Critical by vendors)
- **CWE**: CWE-287 (Improper Authentication) - Based on technical description
## Affected Systems
- **Products**: cPanel & WHM (Web Host Manager)
- **Versions**: All currently supported versions prior to the patches released in April 2026. This includes older versions that may no longer be eligible for official updates but remain vulnerable.
- **Configurations**: Systems with public-facing authentication interfaces (typically on ports 2083 and 2087).
## Vulnerability Description
This vulnerability impacts various authentication paths within the cPanel and WHM control panel software. While technical specificities remain limited, reports indicate an authentication login exploit that allows unauthorized users to bypass security measures and gain full access to the control panel. This could lead to a complete takeover of the server or the hosted accounts.
## Exploitation
- **Status**: Potential exploitation in the wild (as indicated by emergency defensive actions taken by major hosting providers like Namecheap).
- **Complexity**: Low (Described as an authentication login exploit).
- **Attack Vector**: Network (Remote).
## Impact
- **Confidentiality**: High (Unauthorized access to all data on the control panel).
- **Integrity**: High (Ability to modify server configurations and user data).
- **Availability**: High (Ability to lock out legitimate users or shut down services).
## Remediation
### Patches
cPanel has released official security updates. Administrators should update to the following versions or higher:
- 11.110.0.97
- 11.118.0.63
- 11.126.0.54
- 11.132.0.29
- 11.134.0.20
- 11.136.0.5
### Workarounds
- **Firewall Blocking**: Temporarily block external access to TCP ports **2083** (cPanel) and **2087** (WHM) via hardware or software firewalls until updates can be applied.
- **IP Transition**: If access is required, restrict those ports to trusted/whitelisted administrative IP addresses only.
## Detection
- **Indicators of Compromise**: Monitor for unusual successful login events in the cPanel access logs (`/usr/local/cpanel/logs/access_log`) from unrecognized IP addresses.
- **Detection methods and tools**: Verify current running version via the CLI using `/usr/local/cpanel/cpanel -V`.
## References
- **Vendor Advisory**: hxxps[://]support[.]cpanel[.]net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026
- **Namecheap Status Update**: hxxps[://]www[.]namecheap[.]com/status-updates/ongoing-critical-security-vulnerability-in-cpanel-april-28-2026/
- **News Source**: hxxps[://]thehackernews[.]com/2026/04/critical-cpanel-authentication.html