cPanel has released security updates to fix an authentication issue that could let an attacker gain access to the control panel software, according to a security advisory from cPanel on Tuesday. The problem affects all currently supported versions, and fixes are now available for six release lines.
KEY FACTS
- Issue It affects various authentication paths in cPanel.
- Impact The flaw could allow access to the control panel software.
- Patched versions 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20 and 11.136.0.5.
- Vendor note Unsupported versions may also be affected.
- Hosting response Namecheap said it applied a firewall rule that temporarily blocked ports 2083 and 2087.
The advisory did not describe the vulnerability in detail. Namecheap disclosed that it related to an authentication login exploit that could allow unauthorized access to cPanel and WHM interfaces.
As a precaution, the company said it restricted customer access to those interfaces until the full patch could be deployed. It said access would be restored once the update was applied across supported servers.
As of April 29, 2026, 02:42 a.m. UTC, Namecheap said the fix had been applied to Reseller, Stellar Business servers and the rest. The disclosure did not say whether the issue had been exploited in the wild.
WHY IT MATTERS
cPanel is widely used by web hosting providers, so authentication flaws can affect access to many hosted sites and account management tools. The patch and temporary restrictions show how quickly providers may need to act when a control panel issue could expose customer systems.