Situation
This security release addresses vulnerabilities across multiple versions of cPanel & WHM, including fixes for several vulnerabilities rated up to High severity.
All vulnerabilities were either responsibly disclosed by external researchers or identified internally by our security team.
Impact
We have pushed out a patch for the following cPanel & WHM versions:
- 11.86.0.45 and higher
- 11.94.0.32 and higher
- 11.102.0.43 and higher
- 11.110.0.120 (cl6110)
- 11.110.0.121 and higher
- 11.118.0.68 and higher
- 11.124.0.41 and higher
- 11.126.0.62 and higher
- 11.130.0.26 and higher
- 11.132.0.35 and higher
- 11.134.0.29 and higher
- 11.136.0.13 and higher
We have pushed out a patch for the following WP Squared version:
- 11.136.1.16 and higher
For customers still on CloudLinux 6, we recommend running the following command to set the upgrade tier, and then following the steps in the "Required Actions" below.
# sed -i "s/CPANEL=.*/CPANEL=cl6110/g" /etc/cpupdate.conf
Note: All further versions of cPanel are patched for this issue as well. Please see the latest changelogs for version information of each cPanel branch:
https://docs.cpanel.net/changelogs/
Call to Action
-
Update the cPanel version on the server to one of the versions listed above. This can be done with the following:
# /scripts/upcp --force
-
Once completed, verify the cPanel version with the following to ensure the update was successful.
# /usr/local/cpanel/cpanel -V
- If you are not able to update, then it is recommended that you block inbound traffic on ports 2079 and 2080 at the firewall until you are able to proceed with the upgrade.
Additional Information
Security: SEC-73755 cPanel & WHM / WP2 Security Update - May 19, 2026
Comments
0 comments
Article is closed for comments.