Researchers have identified a problem (CVE-2026-41940) affecting all versions of cPanel & WHM. The cPanel team has released an update for cPanel & WHM. If you are using the web application you should update immediately, especially if you see the version on your server below.
The update includes significant security enhancements and authentication improvements designed to ensure the continued protection of your infrastructure.
Updated versions:
11.86.0.41
11.110.0.97
11.118.0.63
11.126.0.54
11.130.0.18
11.132.0.29
11.136.0.5
11.134.0.20
As cPanel continues to work on resolving this issue, the recommended recovery steps may be improved and changed. For more details, please read the support articles for updates, recovery and mitigation steps, and current updates:
https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026
The cPanel development teams are currently reviewing the update of older versions of cPanel and WHM. However, they recommend updating to the latest supported version immediately. For versions that cannot be updated, they are evaluating approaches and may implement immediate measures to keep these systems protected.
Although the press releases will range from very select to rare, I said I'd pass...because sometimes the editors hide.
