Immediately update all internet-facing servers to maintain peak security and performance.
An issue (CVE-2026-41940) affecting all versions of cPanel & WHM has been identified. We have released a coordinated update for cPanel & WHM; immediate action is necessary if you’re not on a patched version below. This release includes important security enhancements and authentication refinements designed to ensure the continued protection of your infrastructure.
Patched versions:
Picture1-1
As we continue to work on this issue, the recommended remediation steps may be refined. Refer to the support articles for patched versions, remediation and mitigation steps, and ongoing updates:
which is needs to take action - https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026
We are currently reviewing patching older cPanel and WHM versions; however, we recommend updating to the latest supported version immediately. For versions that cannot be updated, we are evaluating approaches and may apply immediate measures to keep those systems protected. Note, that if we observe servers on supported major versions are not being updated, we may initiate an automatic update to ensure those systems remain protected.
DNSONLY servers are also covered by the same fix.
If you have any questions or run into issues applying the update, please contact our cPanel Support Team.
We urge you to act on this today.
By
The cPanel Team
Copyright © 2026 All Rights Reserved
