IT-Connect » Tech News » Patch Your Server: A Critical cPanel Vulnerability Has Been Discovered

cPanel security update banner on a red gradient background with the IT-Connect logo and the French text 'Mise à jour de sécurité'.
Tech News

Patch Your Server: A Critical cPanel Vulnerability Has Been Discovered

Florian Burnel 0 Comments

All currently supported versions of cPanel are affected by a security flaw that could allow unauthorized access to the management interface. Here’s what you need to know.

A security bulletin published on April 28, 2026 by cPanel mentions a major security flaw. It affects all currently supported versions of cPanel and, according to the information shared, it impacts different authentication processes.

For those who are not familiar with cPanel, it is a web-based server management interface for Linux, especially useful for managing Web hosting. It is probably the most popular management solution of this kind. In fact, some hosting providers, such as o2switch or Namecheap, integrate it directly into their offers and provide customers with a cPanel interface. With other hosts, it is an optional add-on.

On cPanel’s side, there is little information about this vulnerability. But the preventive response adopted by hosting providers suggests that this vulnerability represents a significant risk.

On X, o2switch also published a message yesterday on the subject, stating: "In order to prevent any security incident, we have disabled cPanel on all our servers. This operation took place at the same time / shortly before cPanel’s announcement." - The same mindset can be seen at Namecheap, where a message refers to an authentication-related vulnerability "that could allow unauthorized access to the control panel."

How Can You Protect Yourself?

In response to the discovery of this vulnerability, several cPanel security updates have been released. They secure the different branches that are still supported, resulting in these versions:

  • 11.110.0.97
  • 11.118.0.63
  • 11.126.0.54
  • 11.132.0.29
  • 11.136.0.5
  • 11.134.0.20

The cPanel security bulletin also mentions an update for the WordPress extension called WP Squared (11.136.1.7). Installing this security patch is more than recommended... Especially since there are likely many cPanel interfaces exposed on the Web.

author avatar
Florian Burnel Co-founder of IT-Connect
Systems and network engineer, co-founder of IT-Connect and Microsoft MVP "Cloud and Datacenter Management". I'd like to share my experience and discoveries through my articles. I'm a generalist with a particular interest in Microsoft solutions and scripting. Enjoy your reading.
See Full Bio
social network icon social network icon social network icon
Share on X Share on Facebook Share on Linkedin Send by e-mail

You May Also Like

Banner for PowerToys 0.99.0 announcing 'Grab And Move & Power Display' with a colorful icon and pastel UI tiles in the background

PowerToys 0.99 Arrives with Grab And Move and Power Display

Florian Burnel 0
Samsung Galaxy phone on a desk with a red warning triangle, representing a security alert, surrounded by floating app icons and Microsoft 365 logos.

Samsung April 2026 Update Breaks Microsoft 365 and Authenticator Apps

Florian Burnel 0
Promo image showing the Firefox logo with a futuristic circuitry background, labeled 'Claude Mythos' and 'Firefox 150'.

Firefox Security Shock: Claude Mythos Uncovers 271 Flaws

Florian Burnel 0

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.