All supported cPanel versions hit by critical auth bug, now patched
cPanel fixed a critical authentication flaw that could let attackers access servers. The issue affects all supported versions. cPanel released security updates to address a critical authentication vulnerability that could allow attackers to gain unauthorized access to its control panel. The flaw affects all supported versions, raising serious risks for exposed servers. cPanel is a […]
cPanel released security updates to address a critical authentication vulnerability that could allow attackers to gain unauthorized access to its control panel. The flaw affects all supported versions, raising serious risks for exposed servers.
cPanel is a widely used web hosting control panel that lets users manage websites and servers through a graphical interface instead of command-line tools.
Related breach coverage
- Critical bug in CrowdStrike LogScale let attackers access files2026-04-26
CrowdStrike fixed CVE-2026-40050 in LogScale self-hosted, a critical flaw allowing unauthenticated file access via path traversal. CrowdStrike recently disclosed a critical vulnerability, tracked as CVE-2026-40050, affecting its LogScale self-hosted product. The flaw enables unauthenticated path traversal, which could allow a remote attacker to read arbitrary files from the server filesystem. “CrowdStrike has released security updates […]
- cPanel, WHM emergency update fixes critical auth bypass bug2026-04-29
A critical vulnerability affecting all but the latest versions of cPanel and the WebHost Manager (WHM) dashboard could be exploited to obtain access to the control panel without authentication. [...]
- Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months2026-04-30
The authentication bypass flaw allows attackers to gain administrative access to vulnerable servers. The post Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months appeared first on SecurityWeek.
- GitHub fixes RCE flaw that gave access to millions of private repos2026-04-29
In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories. [...]