Critical Security Vulnerability - cPanel/WHM platforms

Identified

A new security vulnerability has been identified that affects multiple versions of cPanel/WHM, referenced as CVE-2026-41940.

All managed customers have been upgraded and notified directly.

This is a critical vulnerability. If you do not have a management plan, we recommend you review the advisory provided by cPanel and, if you have vulnerable systems, patch them immediately to mitigate the identified risks.

https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026

You must be on one of the following patched versions to avoid this vulnerability:

  • 11.86.0.41
  • 11.110.0.97
  • 11.118.0.63
  • 11.126.0.54
  • 11.130.0.19
  • 11.132.0.29
  • 11.136.0.5
  • 11.134.0.20

You can identify which version you are on by logging in to cPanel/WHM as the root user and checking the "cPanel Version" number on the top grey banner.

Alternatively, you can check the version by logging in to the server via SSH and running:

/usr/local/cpanel/cpanel -V

If you are running a vulnerable version, you can update cPanel using either of the methods below.

Update via the WHM Interface (recommended)

  1. Log in to your WHM control panel as your root user.
  2. Navigate to cPanel >> Upgrade to Latest Version (or type Upgrade to Latest Version in the search bar).
  3. Start the upgrade process.
  4. Once completed, confirm the update has been applied by checking the "cPanel Version" number situated on the top banner of WHM.

Update via SSH (advanced)

  1. Log in to your server via SSH as your root user.
  2. Run the following command to identify the current version: /usr/local/cpanel/cpanel -V
  3. If this version is vulnerable, run /scripts/upcp
  4. Wait for the update to complete.
  5. Confirm you're running a patched version by running the command /usr/local/cpanel/cpanel -V
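
The version check in the steps above can be scripted when you have several servers to audit. The following is an added example, not a script from cPanel or from this notice: the function names are hypothetical, it assumes a build at or above the listed build on the same branch counts as patched, and it assumes the version may be printed either as "11.110.0.97" or as "110.0 (build 97)". A result of unlisted-branch means the branch is not in the list above and the cPanel advisory should be consulted.

```shell
#!/bin/sh
# Added example: classify a cPanel version against the patched builds listed above.
# Assumption: a build at or above the listed build on the same branch is patched.

PATCHED_BUILDS="11.86.0.41 11.110.0.97 11.118.0.63 11.126.0.54
11.130.0.19 11.132.0.29 11.134.0.20 11.136.0.5"

# Normalise "11.110.0.97" or "110.0 (build 97)" to "110.0.97" (major.minor.build).
normalize_version() (
    v=$(printf '%s' "$1" | tr -d '\r' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
    case "$v" in
        *"(build "*) v=$(printf '%s' "$v" |
            sed -E 's/^([0-9]+)\.([0-9]+) \(build ([0-9]+)\)$/\1.\2.\3/') ;;
        11.*.*.*)    v=${v#11.} ;;
    esac
    # Reject anything that did not reduce to three numeric fields.
    printf '%s' "$v" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$' || exit 1
    printf '%s\n' "$v"
)

# Prints one of: patched | vulnerable | unlisted-branch | unparseable
classify_cpanel_version() (
    v=$(normalize_version "$1") || { echo unparseable; exit 0; }
    branch=${v%.*}
    build=${v##*.}
    for p in $PATCHED_BUILDS; do
        p=${p#11.}
        if [ "${p%.*}" = "$branch" ]; then
            # Same branch: compare the build number numerically.
            if [ "$build" -ge "${p##*.}" ]; then echo patched; else echo vulnerable; fi
            exit 0
        fi
    done
    echo unlisted-branch
)

# On a cPanel server, classify the installed version (binary path is from this notice).
if [ -x /usr/local/cpanel/cpanel ]; then
    installed=$(/usr/local/cpanel/cpanel -V)
    echo "$installed: $(classify_cpanel_version "$installed")"
fi
```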

Once you have updated the system, we recommend checking whether a compromise has occurred. This can be done by running the detection script provided by cPanel, available here: https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026

If you are unsure how to execute this script, please let us know, and we will look to assist – if you do not have an active management plan, additional work may be chargeable.

Should you have any questions or require assistance, please do not hesitate to get in touch with our support team.

Affected components
  • Hosted Services
    • Dedicated Servers
    • VPS Hosting
    • Cloud Hosting
    • cPanel Control Panel