Security Digest – May 18

The past several weeks have brought a whirlwind of new security vulnerabilities, many of them critical in nature. While we’ve been posting updates to the notification section within our portal, we wanted to begin posting these here, since they’re likely to remain frequent given recent AI developments. If you would like to stay up to date on these, you can subscribe to our blog to receive email notifications for any updates. For the most part, though, these have little impact on clients other than an occasional server reboot to get updates fully applied.

cPanel / WHM Authentication Bypass Vulnerability (CVE-2026-41940)

This recent wave was kicked off by the most severe of the vulnerabilities thus far, an authentication bypass vulnerability within cPanel / WHM scoring a 9.8 out of 10.

Our advanced and extensive monitoring of all servers that we manage helped us to detect and address this well before this vulnerability was public. We first encountered this in the wild on April 8 and confirmed its presence on April 20. We immediately reported this to cPanel and disabled public WHM access to our servers at that time.

cPanel finally released updates to address this vulnerability nine days later, on April 29. We installed these updates as quickly as we could and lifted the WHM access restrictions. Afterwards, it only took a few hours of this being public before we began seeing extensive attempts to exploit this vulnerability. This highlights the necessity of patching these vulnerabilities quickly.

Copy Fail Linux Kernel Vulnerability (CVE-2026-41940)

This vulnerability was published on April 22, but the scope and ease of exploiting it weren’t widely clear until around a week later. All of our servers were rebooted to apply the mitigation for this vulnerability as soon as possible and then again with the updated kernel.

Various Apache & Exim Vulnerabilities

As we do not use Apache, we were not impacted by its vulnerabilities. Exim was patched as needed via cPanel updates.

Dirty Frag Linux Kernel Vulnerability (CVE-2026-43284, CVE-2026-43500)

The mitigation for this vulnerability was applied right away and servers were rebooted once an official kernel update became available from AlmaLinux.

cPanel Targeted Security Releases (5/8, 5/13)

These were both applied within minutes of release and addressed various vulnerabilities, including arbitrary file read, Perl code injection and arbitrary chmod vulnerabilities.

Fragnesia Linux Kernel Vulnerability (CVE-2026-46300)

The mitigation for this is the same as it was for Dirty Frag, and we had left it in place since we do not require the related kernel modules, so further action was not required. KernelCare updates have since addressed this as well.

Linux Kernel ptrace Exit-race Vulnerability / ssh-keysign-pwn (CVE-2026-46333)

Our use of CloudLinux’s CageFS, in addition to the CloudLinux-specific sysctl kernel.user_ptrace, mitigated this. KernelCare patches have also addressed it.

Moving Forward…

We expect this trend of serious vulnerabilities being made public to continue in the near term as AI helps to discover them and increase the rate at which they are being exploited. We’ll continue to work diligently to keep you and your data as safe as possible by quickly applying updates and mitigations as they become available.
