Critical Vulnerability with cPanel & WHM Login Authentication

Incident Report for InterServer

Identified

Updates are available:
TIER 11.110 WAS: 11.110.0.96 NOW: 11.110.0.97
TIER 11.118 WAS: 11.118.0.61 NOW: 11.118.0.63
TIER 11.126 WAS: 11.126.0.53 NOW: 11.126.0.54
TIER 11.132 WAS: 11.132.0.27 NOW: 11.132.0.29
TIER 11.134 WAS: 11.134.0.19 NOW: 11.134.0.20
TIER 11.136 WAS: 11.136.0.4. NOW: 11.136.0.5

Please run the following command to retrieve the patched version.

/scripts/upcp

* Webhosting Systems are being updated in stages, as they update cpanel services will be re-enabled.

Users running older systems that are not supported by cpanel/WHM must firewall off the ports.
Posted Apr 28, 2026 - 19:36 EDT

Investigating

All cpanel/WHM VPS and Server owners please review: https://support.cpanel.net/hc/en-us/articles/40073787579671-Critical-Vulnerability-with-cPanel-WHM-Login-Authentication

At minumum

Disable cpdavd

whmapi1 configureservice service=cpdavd enabled=0 monitored=0

Then stop cpsrvd on your server:

/scripts/restartsrv_cpsrvd --stop


Please be aware cpanel/WHM services will be offline until a patch is released.
Posted Apr 28, 2026 - 16:45 EDT
This incident affects: Services (Webhosting).
Current Status Powered by Atlassian Statuspage