Scheduled maintenance is currently in progress. We will provide updates as necessary.
Posted May 08, 2026 - 08:30 EDT
Scheduled
Minimum Patched Build 11.136.0.9 and higher 11.136.1.10 and higher (WP Squared) 11.134.0.25 and higher 11.132.0.31 and higher 11.130.0.22 and higher 11.126.0.58 and higher 11.124.0.37 and higher 11.118.0.66 and higher 11.110.0.117 and higher
11.110.0.116 and higher (cl6110) - note: Before manually updating, set the update tier to the cl6110 branch by running sed -i "s/CPANEL=.*/CPANEL=cl6110/g" /etc/cpupdate.conf
11.102.0.41 and higher 11.94.0.30 and higher 11.86.0.43 and higher
Recommended steps: Ensure your system is up to date: apply dnf/yum/apt updates and ensure the package manager works as expected.
After 12 PM Eastern Time run /scripts/upcp
The details of the vulnerability are unknown.
If you don’t have resellers and you access your server from a static IP address, there is no reason for the WHM management ports (2086 and 2087) to be open to the entire world. You can restrict these using the ConfigServer Security & Firewall (CSF). If you do not have csf firewall installed cpanel has a fork which can be installed via your package manager such as: dnf install cpanel-csf
Edit your configuration file: /etc/csf/csf.conf Locate the TCP_IN list and remove 2086 and 2087. Restart the firewall with csf -r.
Recent security audits have shown that the Terminal feature within the WHM UI can be a major point of entry. Even if you have locked down SSH, hackers have used this UI feature to install malware. I now recommend disabling it entirely by running this command:
touch /var/cpanel/disable_whm_terminal_ui
Posted May 08, 2026 - 08:16 EDT
This scheduled maintenance affects: Services (Webhosting, VPS).