Security Alert – cPanel, WHM and Webmail Access Restricted

cPanel has released additional security patches and recommendations to further strengthen protection against recently disclosed vulnerabilities. Applying these updates at the earliest is recommended to help safeguard your server environment and avoid potential service impact.

Customers using VPS and Dedicated Servers are strongly advised to ensure the following components are updated to the latest supported versions.

Please refer to the official advisories below for more details

cPanel & WHM cPanel Security Update – May 08 2026

EasyApache packages Security Advisory – CVE-2026-23918

Operating System Kernel Linux Kernel Advisory – CVE-2026-31431

For most customers, the patches have already been applied or are being rolled out automatically; however, customers using custom SSH ports or self-managed servers are advised to perform the recommended updates from their end.

We recommend performing these updates as soon as possible as a precautionary security measure. Thank you for your continued cooperation and understanding.

As part of our ongoing security measures, access to cPanel, WHM, and Webmail was temporarily restricted to mitigate a recently identified cPanel security vulnerability.

The restriction has now been removed, and you should be able to access these services normally.

As a precaution, SSH access (ports 22/2222) has been temporarily blocked to maintain server security. Shared Linux, VPS, and Dedicated server customers will not be able to access their cPanel accounts or servers via SSH clients during this period.

Workaround: VPS and Dedicated server customers can access the server terminal via WHM >> Terminal. For more details, refer https://docs.cpanel.net/whm/server-configuration/terminal-in-whm/

This measure is part of our continued effort to protect your data and ensure safe operations. All other services remain fully functional.

We will share further updates once the cPanel patch is released and applied, and full access to the servers is restored. Thank you for your understanding and patience.

This incident is related to a recently identified security vulnerability in cPanel & WHM login. cPanel would release a new security patch tonight to fix all the identified vulnerabilities and we have planned to install the same on all our servers as soon as released.

Given the nature of this vulnerability, and our immediate priority is to secure data and prevent any impact, we are blocking certain access (WHM/cPanel/Webmail) temporarily, until further notice.

 Your email functionality continues to work (IMAP/POP), we request to use email clients to access your emails in the meantime.

We will keep this post updated once we install the patch on respective servers. Thank you for your understanding and support.