Additional cPanel Security Patch Following Critical Vulnerability Wave

 In Announcements
0

Following the critical cPanel & WHM vulnerability disclosed earlier this month (CVE-2026-41940), cPanel has now released an additional security patch affecting multiple supported versions of cPanel & WHM.

cPanel Website Screenshpt

The update is now live and should be applied as soon as possible on affected systems.

The newly released patch addresses:

  • CVE-2026-29205
  • CVE-2026-29206
  • CVE-2026-32991
  • CVE-2026-32992
  • CVE-2026-32993

Affected branches include: 86, 94, 102, 110, 118, 124, 126, 130, 132, 134 and 136.

At this stage, no active exploitation has been publicly reported for these vulnerabilities.

Still, the timing matters.

Why this matters for website owners and marketers

Most website owners never directly interact with cPanel security internals.

But the effects of a compromised hosting environment are very real:

  • websites being defaced
  • SEO spam injections
  • malware redirections
  • stolen customer data
  • blacklisted mail servers
  • credential theft
  • suspended advertising campaigns
  • or complete service interruption

In many real-world cases, the visible symptom is not “a cPanel vulnerability.”

It is:

  • Google Search Console warnings
  • a hacked homepage
  • email deliverability collapsing overnight
  • or customer trust disappearing after a compromise.

That is why hosting-related security releases matter even for users who never log into WHM directly.

This second update is separate from the first advisory

One important detail:

This release is not covered by the earlier CVE-2026-41940 remediation.

Even servers updated during the first emergency patch cycle still require this additional update.

That distinction is important because many users assume:

“We already updated after the first announcement, so we’re protected.”

Not necessarily.

As additional vulnerabilities are identified and validated, vendors frequently release secondary patch waves after the initial emergency disclosure.

Recommended action

If your server runs cPanel & WHM, we strongly recommend applying the latest update immediately.

Via WHM:

WHM → cPanel → Upgrade to Latest Version

Via SSH:

/scripts/upcp --force

After updating:

  • verify the installed build version
  • restart the cpsrvd service

Why operational communication matters

One of the biggest problems during infrastructure security events is not only the vulnerability itself. It is delayed visibility.

Many website owners discover critical security issues only after:

  • services become unavailable
  • providers begin emergency maintenance
  • or websites are already compromised.

As this situation evolved, our team monitored upstream cPanel advisories and informed affected customers ahead of the rollout window so updates could be planned immediately once builds became available. That operational visibility matters because exposure windows matter.

Recent Posts

Leave a Comment

Contact Us

Your message has been sent!

Thank you! We’ll take a look at your request and get in touch with you as quickly as possible.

Let us know what you’re looking for by filling out the form below, and we’ll get back to you promptly during business hours!





    Start typing and press Enter to search

    Ultimate 25 GBPS VPS for Streamers Are LiveAnnouncements