cPanel, WHM urgent update fixes critical auth bypass bug

A critical vulnerability affecting all but the latest versions of cPanel and the WebHost Manager (WHM) dashboard can be used to gain access to the control panel without authentication.

The security issue has been addressed in an emergency update that requires running a manual command to obtain the patched version of the software.

Owned by WebPros International, WHM and cPanel are Linux-based web hosting control panels for server management and website administration. While WHM provides server-level control, cPanel provides administrator access to the website’s backend, webmail, and database.

Both products are among the most widely used hosting control panels, favored by many hosting providers for their familiar interfaces, ease of use for non-technical users, and deep integration with common hosting stacks.

No technical details have been made public, but the severity of the problem appears to be significant, as Namecheap has temporarily blocked access to ports 2083 and 2087 used by WHM and cPanel to protect customers until patches are available.

“We regret to inform you that a major security vulnerability has been identified in the cPanel software that affects all currently supported versions,” Namecheap said.

The hosting provider said the vulnerability, which has not yet received an official identifier, “is related to a login exploit that could allow unauthorized access to the control panel.”

A few hours after Namecheap’s notification, cPanel published a security bulletin stating that the security issue was addressed in the following product versions:

  • 11.110.0.97
  • 11.118.0.63
  • 11.126.0.54
  • 11.132.0.29
  • 11.136.0.5
  • 11.134.0.20

To install a safe version, the vendor recommends that administrators run the command /scripts/upcp --force, which starts the cPanel update process and forces it to run even if the system believes it is already on the latest version.

Servers running an unsupported version of cPanel are not eligible to receive security updates. In this case, administrators are advised to upgrade to a supported version as soon as possible.
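
The following is an added example, not code from cPanel or from this article: a shell check that compares an installed version against the patched builds listed above, branch by branch. It assumes the installed version is recorded in /usr/local/cpanel/version; the function name and the status words are made up for this example.

```shell
#!/bin/sh
# Added example: classify a cPanel version against the patched builds in the bulletin.

# Patched builds listed in the article, one per release branch.
PATCHED_BUILDS="11.110.0.97 11.118.0.63 11.126.0.54 11.132.0.29 11.134.0.20 11.136.0.5"

# classify_cpanel_version VERSION -> prints patched | vulnerable | unlisted | invalid
classify_cpanel_version() {
    ver=$1
    # Accept exactly four dot-separated numeric fields, e.g. 11.126.0.54.
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*.*) echo invalid; return 0 ;;
        *.*.*.*) ;;
        *) echo invalid; return 0 ;;
    esac
    branch=${ver%.*.*}; tmp=${ver%.*}; minor=${tmp##*.}; build=${ver##*.}
    for p in $PATCHED_BUILDS; do
        # Compare only against the fixed build of the same branch (11.x).
        [ "${p%.*.*}" = "$branch" ] || continue
        tmp=${p%.*}; p_minor=${tmp##*.}; p_build=${p##*.}
        if [ "$minor" -gt "$p_minor" ] ||
           { [ "$minor" -eq "$p_minor" ] && [ "$build" -ge "$p_build" ]; }; then
            echo patched
        else
            echo vulnerable
        fi
        return 0
    done
    # Branch has no fixed build in the bulletin (for example an unsupported release).
    echo unlisted
}

# Assumption: the installed version is recorded in /usr/local/cpanel/version.
VERSION_FILE=${VERSION_FILE:-/usr/local/cpanel/version}
if [ -r "$VERSION_FILE" ]; then
    installed=$(cat "$VERSION_FILE")
    status=$(classify_cpanel_version "$installed")
    echo "cPanel $installed: $status"
    case $status in
        vulnerable) echo "Run /scripts/upcp --force, then check again." ;;
        unlisted)   echo "No fixed build listed for this branch; move to a supported version." ;;
    esac
fi
```

Running the check again after the forced update confirms that the server actually landed on a fixed build.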

The discovery of the vulnerability has not been made public, and there is currently no tracking ID for this issue.

An attacker who gains access to cPanel can control everything on the hosting account, from websites and data to email. They can use that access to plant backdoors or web shells, redirect users to malicious sites, steal sensitive files, send spam or phishing emails, or collect passwords from configuration files.

WHM provides access to the entire server and all the websites it hosts. This means that a threat actor can create and delete cPanel accounts, establish persistent access to the machine, and use it for various malicious activities (e.g., proxying traffic, spam, malware delivery, botnets).

Website owners using the affected administrative interfaces should ensure that they upgrade to the patched version.
