InterServer Status

cPanel & WHM Targeted Security Release: Patch Arriving May 13, 2026 at 1:00pm EST

In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
May 12, 2026 - 17:00 EDT

Scheduled - This release addresses multiple vulnerabilities across versions of cPanel & WHM, including fixes for the following vulnerabilities rated up to High severity.

CVE-2026-29205
CVE-2026-29206
CVE-2026-32991
CVE-2026-32992
CVE-2026-32993

The patch will be available on May 13 at 1:00pm EST and will be distributed through the standard cPanel automatic update process and through the manual update process. We strongly recommend performing a manual update once the patch is made available.

Versions Impacted:

86, 94, 102, 110, 110 CL6, 118, 124, 126, 130, 132, 134, 136, 136 (WP2)

We recommend ensuring your systems package managers are operational, all updates are applied, and standard cpanel updates are working. After 1 PM EST run another cpanel update.

All cPanel webhosting systems will be updated tomorrow once the patch arrives.
May 12, 2026 17:00 - May 13, 2026 21:00 EDT

About This Site

Interserver Status Page

my Operational

Management Portal Operational

Datacenters Operational

TEB2 Operational

TEB4 Operational

TEB5 Operational

TEB6 Operational

Equinix NY4 Operational

Equinix LAX1 Operational

LAX2 Operational

TEB7 Operational

Network Operational

Services Under Maintenance

Webhosting Under Maintenance

Storage Operational

VPS Under Maintenance

Mailbaby Operational

Scrub Operational

Operational

Degraded Performance

Partial Outage

Major Outage

Maintenance

Past Incidents

May 12, 2026

Unresolved incident: cPanel & WHM Targeted Security Release: Patch Arriving May 13, 2026 at 1:00pm EST.

May 11, 2026

No incidents reported.

May 10, 2026

No incidents reported.

May 9, 2026

Linux DirtyFrag Mitigation

Completed - The scheduled maintenance has been completed.
May 9, 19:30 EDT

In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
May 7, 19:30 EDT

Scheduled - A high-priority vulnerability, identified as DirtyFrag, has been detected within specific Linux kernel network modules. This flaw allows for unauthorized memory manipulation via targeted network packets. To ensure the continued integrity of our infrastructure and protect against potential remote code execution or data corruption, we are implementing immediate mitigation steps on our webhosting and storage servers rolling out now.

The following mitigation has been tested:

sudo sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"; echo 3 | sudo tee /proc/sys/vm/drop_caches

The above mitigation will stop this specific exploit. Vendor kernel updates are not yet fully released.

Kernelcare will be issuing patches. Users with KVM or Dedicated Servers running linux are recommended to consider security updates via kernelcare for rebootless updates. Further information is at https://blog.cloudlinux.com/dirty-frag-mitigation-and-kernel-update
May 7, 19:15 EDT

cPanel & WHM Security Update CVE-2026-29201, CVE-2026-29202, CVE-2026-29203 May 08, 12:00pm EST

Completed - The scheduled maintenance has been completed.
May 9, 08:30 EDT

In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
May 8, 08:30 EDT

Scheduled - Minimum Patched Build
11.136.0.9 and higher
11.136.1.10 and higher (WP Squared)
11.134.0.25 and higher
11.132.0.31 and higher
11.130.0.22 and higher
11.126.0.58 and higher
11.124.0.37 and higher
11.118.0.66 and higher
11.110.0.117 and higher

11.110.0.116 and higher (cl6110) - note: Before manually updating, set the update tier to the cl6110 branch by running sed -i "s/CPANEL=.*/CPANEL=cl6110/g" /etc/cpupdate.conf

11.102.0.41 and higher
11.94.0.30 and higher
11.86.0.43 and higher

Recommended steps:
Ensure your system is up to date: apply dnf/yum/apt updates and ensure the package manager works as expected.

After 12 PM Eastern Time run /scripts/upcp

The details of the vulnerability are unknown.

If you don’t have resellers and you access your server from a static IP address, there is no reason for the WHM management ports (2086 and 2087) to be open to the entire world. You can restrict these using the ConfigServer Security & Firewall (CSF). If you do not have csf firewall installed cpanel has a fork which can be installed via your package manager such as: dnf install cpanel-csf

Edit your configuration file: /etc/csf/csf.conf
Locate the TCP_IN list and remove 2086 and 2087.
Restart the firewall with csf -r.

Recent security audits have shown that the Terminal feature within the WHM UI can be a major point of entry. Even if you have locked down SSH, hackers have used this UI feature to install malware. I now recommend disabling it entirely by running this command:

touch /var/cpanel/disable_whm_terminal_ui
May 8, 08:16 EDT

May 8, 2026

May 7, 2026

May 6, 2026

No incidents reported.

May 5, 2026

No incidents reported.

May 4, 2026

No incidents reported.

May 3, 2026

No incidents reported.

May 2, 2026

Cloudlinux cPanel/Directadmin shared hosting rolling reboots

Completed - The scheduled maintenance has been completed.
May 2, 11:15 EDT

In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Apr 30, 10:15 EDT

Scheduled - Cloudlinux based shared hosting servers will have rolling reboots starting today in order to address cve-2026-31431 - Please review https://www.interserver.net/tips/cve-2026-31431-mitigation/ for further information.
Apr 30, 10:01 EDT

May 1, 2026

Hyperv108 hardware issue & OS corruption

Resolved - This issue is resolved
May 1, 21:25 EDT

Monitoring - We are monitoring the server after VMs restore , all VMs are online
May 1, 21:25 EDT

Identified - Hardware & Windows OS issue is resolved on server and we are working on VMs restore with the latest state
Apr 30, 09:51 EDT

Investigating - We are currently investigating & working on hyperv108 hardware issue which caused OS corruption
Apr 30, 07:05 EDT

Apr 30, 2026

Critical Vulnerability with cPanel & WHM Login Authentication

Resolved - This incident has been resolved.
Apr 30, 02:22 EDT

Update - Updates are now available for these build:

11.110.0.97
11.118.0.63
11.126.0.54
11.132.0.29
11.136.0.5
11.134.0.20
WP Squared 11.136.1.7

Please run the following command to retrieve the patched version.

/scripts/upcp --force

You can confirm you are on a patched version of cPanel with the following command:

/usr/local/cpanel/cpanel -V

As long as the output matches one of the above versions, then your system has been patched.

Warning: If your server is not running a supported version of cPanel that is eligible for this update, it is recommended to firewall off port 2078-2096 and migrate to a supported version of cpanel/WHM.
Apr 29, 12:07 EDT

Identified - Updates are available:
TIER 11.110 WAS: 11.110.0.96 NOW: 11.110.0.97
TIER 11.118 WAS: 11.118.0.61 NOW: 11.118.0.63
TIER 11.126 WAS: 11.126.0.53 NOW: 11.126.0.54
TIER 11.132 WAS: 11.132.0.27 NOW: 11.132.0.29
TIER 11.134 WAS: 11.134.0.19 NOW: 11.134.0.20
TIER 11.136 WAS: 11.136.0.4. NOW: 11.136.0.5

Please run the following command to retrieve the patched version.

/scripts/upcp

* Webhosting Systems are being updated in stages, as they update cpanel services will be re-enabled.

Users running older systems that are not supported by cpanel/WHM must firewall off the ports.
Apr 28, 19:36 EDT

Investigating - All cpanel/WHM VPS and Server owners please review: https://support.cpanel.net/hc/en-us/articles/40073787579671-Critical-Vulnerability-with-cPanel-WHM-Login-Authentication

At minumum

Disable cpdavd

whmapi1 configureservice service=cpdavd enabled=0 monitored=0

Then stop cpsrvd on your server:

/scripts/restartsrv_cpsrvd --stop

Please be aware cpanel/WHM services will be offline until a patch is released.
Apr 28, 16:45 EDT

Apr 29, 2026

Apr 28, 2026