CPANEL has fixed a critical authentication vulnerability that could have allowed attackers to access the control panel, affecting all currently supported versions. The company released security updates and urges administrators to apply them immediately to reduce the risk of compromise.
Namecheap applied a temporary firewall rule blocking TCP ports 2083 and 2087, limiting access to cPanel and WHM until a full patch is released, though the mitigation may disrupt Webmail, Webdisk, and SSL and non-SSL connections during the period, according to Namecheap. The following versions address the vulnerability: 11.110.0[.]97, 11.118.0[.]63, 11.126.0[.]54, 11.132.0[.]29, 11.136.0[.]5, and 11.134.0[.]20.
If a server is not running a supported version eligible for this update, administrators are advised to update as soon as possible, as it may be affected, cPanel noted. As of 29 April 2026, 02:42 a.m. UTC, the fix has been deployed across Reseller, Stellar Business, and other servers, according to Namecheap Support Team.