Particle.news

cPanel Issues Emergency Fix for Critical Auth Bug Affecting All Supported Versions

The flaw could let attackers reach server control panels without logging in.

Overview

  • cPanel released patched builds Wednesday after confirming a critical authentication bypass that impacts every supported release of its control panel and the WHM admin dashboard.
  • No technical details or tracking ID have been published, but the risk is clear because a successful attack would grant full access to hosting accounts and server administration.
  • Patches ship as builds 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5, and cPanel instructs administrators to run /scripts/upcp --force to fetch and install them.
  • Namecheap applied a temporary firewall block on ports 2083 and 2087 used by cPanel and WHM, which can interrupt access to control panels, Webmail, and Webdisk until patched servers are restored; the company says fixes have been deployed to its Reseller and Stellar Business pools.
  • Servers stuck on unsupported versions will not get the security update, so cPanel urges upgrades to a supported release to close the hole and reduce exposure.
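
To confirm that a server actually received one of the patched builds listed above, an administrator can compare the installed version string against that list. The script below is an added example, not code from cPanel or from this article; the version file path /usr/local/cpanel/version and the function name check_cpanel_build are assumptions, and the build numbers are the ones quoted in the overview.

```shell
#!/bin/sh
# Added example: classify a cPanel version string against the patched
# builds quoted in the article. Not cPanel's own tooling.
PATCHED_BUILDS="11.110.0.97 11.118.0.63 11.126.0.54 11.132.0.29 11.134.0.20 11.136.0.5"

# check_cpanel_build VERSION
# Prints one of: patched | needs-update | unlisted-branch | invalid
check_cpanel_build() {
    cb_installed=$1
    # Accept only four dot-separated numeric parts, e.g. 11.126.0.54
    case "$cb_installed" in
        ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*.*) echo "invalid"; return 2 ;;
        *.*.*.*) ;;
        *) echo "invalid"; return 2 ;;
    esac
    cb_branch=${cb_installed%.*}    # release branch, e.g. 11.126.0
    cb_build=${cb_installed##*.}    # build number,  e.g. 54
    for cb_fixed in $PATCHED_BUILDS; do
        if [ "${cb_fixed%.*}" = "$cb_branch" ]; then
            # Same branch: patched only at or above the fixed build number
            if [ "$cb_build" -ge "${cb_fixed##*.}" ]; then
                echo "patched"; return 0
            fi
            echo "needs-update"; return 1
        fi
    done
    # Branch is not in the article's list, so no fixed build is known for
    # it; check whether the release is still supported and upgrade if not.
    echo "unlisted-branch"; return 3
}

# Assumed location of the installed version string; override for testing.
VERSION_FILE=${CPANEL_VERSION_FILE:-/usr/local/cpanel/version}
if [ -r "$VERSION_FILE" ]; then
    installed=$(cat "$VERSION_FILE")
    echo "$installed: $(check_cpanel_build "$installed")"
fi
```

A result of needs-update means the update command given in the overview has not yet taken effect on that server; unlisted-branch corresponds to the unsupported-version case in the last bullet unless the branch is a newer supported one.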