cPanel has disclosed a critical authentication vulnerability affecting all currently supported versions of cPanel & WHM. This is an industry-wide issue, and we are taking immediate action to protect your environment while patches are released and verified.
For full details from cPanel, see their official advisory: cPanel & WHM Security Update 04/28/2026.
Resolution
Update (April 29, 2026): cPanel has released patches addressing this vulnerability. Our team has applied the updates across affected servers and restored normal cPanel and WHM access.
The patched cPanel & WHM versions are:
- 11.86.0.41
- 11.110.0.97
- 11.118.0.63
- 11.126.0.54
- 11.130.0.19
- 11.132.0.29
- 11.134.0.20
- 11.136.0.5
Dedicated and VPS server customers: If you manage your own cPanel updates, run the following command to retrieve the patched version:
/scripts/upcp --forceYou can confirm you are on a patched version with:
/usr/local/cpanel/cpanel -VAs long as the output matches one of the versions listed above, your system has been patched.
Warning: If your server is not running a supported version of cPanel eligible for this update, it is highly recommended that you update your server as soon as possible, as it may also be affected.
What We Did
To reduce exposure, we temporarily closed the ports used for cPanel and WHM access on affected servers. They remained closed until cPanel released patches, our team applied them, and we validated that the fix was working as intended.
What This Means for You
- Your websites, applications, databases, and email continue to operate normally.
- Direct cPanel and WHM logins may be temporarily unavailable.
- Your Account Management Panel (AMP) login is not affected.
Questions?
Your security and the integrity of your service are our top priority. For live updates, visit status.inmotionhosting.com. If you have questions, reach out to our Technical Support team anytime.
Thank you for your patience and trust while we work to restore normal access.
Leave a Reply