We have finished deploying vendor patches across all cPanel servers to address CVE-2026-41940, a critical authentication bypass in cPanel & WHM that could allow unauthorised control-panel access on unpatched installations.
No action required for our patch
Your service sits on infrastructure we maintain; the corrective updates are already in place on our side. You do not need to install anything from us to receive this fix.
As with any serious control-panel issue reported industry-wide, staying vigilant is sensible: use strong, unique passwords, enable two-factor authentication for cPanel where available, and review recent account and website changes. If anything looks unfamiliar, open a support ticket, and we will help you check it.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2026-41940
Questions? Open a ticket from your client area.
- Monday, 4th May, 2026
- 00:20am
