cPanel Patches Critical Auth Bypass Affecting Millions of Sites

cPanel released emergency security updates on April 28 after discovering a critical authentication vulnerability affecting all supported versions of its hosting control panel software. The flaw could allow attackers to bypass login authentication and gain unauthorized access to cPanel and Web Host Manager (WHM) interfaces.

Hosting providers worldwide scrambled to apply patches after cPanel disclosed the issue, with major providers including Namecheap, InMotion, and others temporarily blocking access to control panel ports as a precaution. The vulnerability impacts the millions of websites managed through cPanel infrastructure.

TL;DR

• What happened: Authentication bypass in cPanel/WHM login allows unauthorized control panel access
• Who's affected: All cPanel installations running supported versions prior to the April 28 patch
• Severity: Critical - Enables admin-level access without credentials
• Action required: Apply latest security updates immediately

What Happened

According to Namecheap's status disclosure, the security issue was confirmed on April 28, 2026, affecting "all currently supported versions of the platform." The vulnerability relates to an authentication login exploit that could allow unauthorized access to the control panel.

cPanel hasn't disclosed specific technical details, but the company confirmed the issue impacts multiple authentication pathways within both cPanel and WHM. An attacker successfully exploiting this flaw could gain administrative privileges—enough to deploy malware, steal customer data, or use the compromised infrastructure to attack other networks.

The following versions received patches:

• 11.110.0.97
• 11.118.0.63
• 11.126.0.54
• 11.132.0.29
• 11.134.0.20
• 11.136.0.5

Hosting Providers Took Defensive Action

Before patches were available, hosting providers implemented emergency firewall rules blocking TCP ports 2083 (cPanel) and 2087 (WHM). This prevented both legitimate and malicious access to control panels—an inconvenience for customers, but necessary given the severity.

Namecheap confirmed on April 29 at 02:42 UTC that fixes had been applied to Reseller and Stellar Business servers. Other providers have been rolling out patches throughout the day.

Why This Matters

cPanel powers a significant portion of the shared hosting market. When you book cheap web hosting, there's a good chance you're getting a cPanel license bundled with it. A vulnerability at this level doesn't just affect individual websites—it threatens the entire multi-tenant infrastructure that hosting providers operate.

This is the second major control panel vulnerability we've covered recently. Earlier this year, authentication bypass issues in Clerk demonstrated how auth flaws in widely-deployed infrastructure can cascade into widespread compromise.

For hosting customers, the incident highlights the importance of hosting provider security practices. Your website's security depends not just on your own code, but on every layer of infrastructure beneath it.

Recommended Actions

For hosting providers:

1. Apply cPanel security updates immediately if not already done
2. Review access logs for the period before patches were applied
3. Enable audit logging to detect any unauthorized changes

For website owners:

1. Verify with your hosting provider that patches have been applied
2. Review your cPanel account for unexpected changes (new email accounts, FTP users, cron jobs)
3. Consider enabling two-factor authentication on your cPanel account if available
4. Check for unfamiliar files or modifications in your web directories

Frequently Asked Questions

Was my website compromised?

Without knowing if attackers discovered this vulnerability before cPanel, it's impossible to say definitively. If your hosting provider applied patches promptly and blocked ports preemptively, the window for exploitation was narrow.

Should I change my cPanel password?

Yes, as a precaution. Also review any API tokens or application passwords configured in your cPanel account.

Organizations managing critical infrastructure through cPanel should consider this a wake-up call about hosting security dependencies. For background on secure infrastructure practices, see our online safety guide.