cPanel vulnerability CVE-2026-29201, CVE-2026-29202, CVE-2026-29203

Resolved

cPanel released an update and we updated all affected systems last Friday at 5-6PM.
All systems have been patched.

Mon, May 11, 2026, 11:01 AM

(2 weeks ago)

Affected components

No components marked as affected

Updates

Resolved

cPanel released an update and we updated all affected systems last Friday at 5-6PM.
All systems have been patched.

Mon, May 11, 2026, 11:01 AM

Identified

We've been made aware of a new security vulnerability in cPanel. This is in addition to the authentication bypass (CVE-2026-41940) which was disclosed and patched last week.

A patch has not yet been made available by cPanel themselves, nor has any detail been released about the exact nature of the vulnerability. This patch is expected to land within the next few hours, at 5PM BST.

In the meantime, out of an abundance of caution, we are restricting access to cPanel & WHM, as we did for the previous issue. We know this will be inconvenient, but we believe it to be a necessary step to safeguard your services.

If you require access to WHM, you will need to provide your IP address to our support team for temporary whitelisting. You can find your IP by visiting https://ip.prostack.host.

Once the patch is available we will apply it and re-enable access to cPanel.

If you have any questions regarding this, don't hesitate to get in touch. We appreciate your patience whilst we work to update your servers.

Fri, May 8, 2026, 08:10 AM(3 days earlier)