cPanel & WHM Security Update CVE-2026-29201, CVE-2026-29202, CVE-2026-29203 May 08, 12:00pm EST
Subscribe
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
May 08, 2026 - 08:30 EDT
May 08, 2026 - 08:30 EDT
Scheduled - Minimum Patched Build
11.136.0.9 and higher
11.136.1.10 and higher (WP Squared)
11.134.0.25 and higher
11.132.0.31 and higher
11.130.0.22 and higher
11.126.0.58 and higher
11.124.0.37 and higher
11.118.0.66 and higher
11.110.0.117 and higher
11.110.0.116 and higher (cl6110) - note: Before manually updating, set the update tier to the cl6110 branch by running sed -i "s/CPANEL=.*/CPANEL=cl6110/g" /etc/cpupdate.conf
11.102.0.41 and higher
11.94.0.30 and higher
11.86.0.43 and higher
Recommended steps:
Ensure your system is up to date: apply dnf/yum/apt updates and ensure the package manager works as expected.
After 12 PM Eastern Time run /scripts/upcp
The details of the vulnerability are unknown.
If you don’t have resellers and you access your server from a static IP address, there is no reason for the WHM management ports (2086 and 2087) to be open to the entire world. You can restrict these using the ConfigServer Security & Firewall (CSF). If you do not have csf firewall installed cpanel has a fork which can be installed via your package manager such as: dnf install cpanel-csf
Edit your configuration file: /etc/csf/csf.conf
Locate the TCP_IN list and remove 2086 and 2087.
Restart the firewall with csf -r.
Recent security audits have shown that the Terminal feature within the WHM UI can be a major point of entry. Even if you have locked down SSH, hackers have used this UI feature to install malware. I now recommend disabling it entirely by running this command:
touch /var/cpanel/disable_whm_terminal_ui
May 8, 2026 08:30 - May 9, 2026 08:30 EDT
11.136.0.9 and higher
11.136.1.10 and higher (WP Squared)
11.134.0.25 and higher
11.132.0.31 and higher
11.130.0.22 and higher
11.126.0.58 and higher
11.124.0.37 and higher
11.118.0.66 and higher
11.110.0.117 and higher
11.110.0.116 and higher (cl6110) - note: Before manually updating, set the update tier to the cl6110 branch by running sed -i "s/CPANEL=.*/CPANEL=cl6110/g" /etc/cpupdate.conf
11.102.0.41 and higher
11.94.0.30 and higher
11.86.0.43 and higher
Recommended steps:
Ensure your system is up to date: apply dnf/yum/apt updates and ensure the package manager works as expected.
After 12 PM Eastern Time run /scripts/upcp
The details of the vulnerability are unknown.
If you don’t have resellers and you access your server from a static IP address, there is no reason for the WHM management ports (2086 and 2087) to be open to the entire world. You can restrict these using the ConfigServer Security & Firewall (CSF). If you do not have csf firewall installed cpanel has a fork which can be installed via your package manager such as: dnf install cpanel-csf
Edit your configuration file: /etc/csf/csf.conf
Locate the TCP_IN list and remove 2086 and 2087.
Restart the firewall with csf -r.
Recent security audits have shown that the Terminal feature within the WHM UI can be a major point of entry. Even if you have locked down SSH, hackers have used this UI feature to install malware. I now recommend disabling it entirely by running this command:
touch /var/cpanel/disable_whm_terminal_ui
May 8, 2026 08:30 - May 9, 2026 08:30 EDT
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
May 07, 2026 - 19:30 EDT
May 07, 2026 - 19:30 EDT
Scheduled - A high-priority vulnerability, identified as DirtyFrag, has been detected within specific Linux kernel network modules. This flaw allows for unauthorized memory manipulation via targeted network packets. To ensure the continued integrity of our infrastructure and protect against potential remote code execution or data corruption, we are implementing immediate mitigation steps on our webhosting and storage servers rolling out now.
The following mitigation has been tested:
sudo sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"; echo 3 | sudo tee /proc/sys/vm/drop_caches
The above mitigation will stop this specific exploit. Vendor kernel updates are not yet fully released.
Kernelcare will be issuing patches. Users with KVM or Dedicated Servers running linux are recommended to consider security updates via kernelcare for rebootless updates. Further information is at https://blog.cloudlinux.com/dirty-frag-mitigation-and-kernel-update
May 7, 2026 19:30 - May 9, 2026 19:30 EDT
The following mitigation has been tested:
sudo sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"; echo 3 | sudo tee /proc/sys/vm/drop_caches
The above mitigation will stop this specific exploit. Vendor kernel updates are not yet fully released.
Kernelcare will be issuing patches. Users with KVM or Dedicated Servers running linux are recommended to consider security updates via kernelcare for rebootless updates. Further information is at https://blog.cloudlinux.com/dirty-frag-mitigation-and-kernel-update
May 7, 2026 19:30 - May 9, 2026 19:30 EDT
About This Site
Interserver Status Page
my
Operational
Management Portal
Operational
Datacenters
Operational
TEB2
Operational
TEB4
Operational
TEB5
Operational
TEB6
Operational
Equinix NY4
Operational
Equinix LAX1
Operational
LAX2
Operational
TEB7
Operational
Network
Operational
Network
Operational
Services
Under Maintenance
Webhosting
Under Maintenance
Storage
Operational
VPS
Under Maintenance
Mailbaby
Operational
Scrub
Operational
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance