cPanel Vulnerability for VPS & Dedicated Customers
On April 28, 2026, cPanel issued an emergency security update addressing a critical authentication bypass vulnerability affecting multiple authentication paths in cPanel & WHM. Bluehost has confirmed this is being actively exploited.
Why is CentOS 6 Highlighted?
CentOS 6 reached End of Life on November 30, 2020, and cPanel support for it ended with version 88. Current cPanel releases run only on supported modern distributions such as AlmaLinux, CentOS 9 and 10, Rocky Linux, and Ubuntu.
As a result, continued operation on CentOS 6 leaves cPanel, WHM, Webmail, Web Disk, and SSL services exposed to these and other unpatched issues. Migration to a supported OS is the only durable remediation.
What Bluehost is doing
- Restricted login access to cPanel and WHM on some VPS and Dedicated servers
- Restricting inbound access to the following ports on affected VPS and Dedicated servers running cPanel to reduce exploit exposure:
  - cPanel: 2082 (HTTP), 2083 (HTTPS)
  - WHM: 2086 (HTTP), 2087 (HTTPS)
  - Webmail: 2095 (HTTP), 2096 (HTTPS)
  - WebDisk: 2077 (HTTP), 2078 (HTTPS)
During this period, you may notice the following while we have the firewall rules in place:
- cPanel and WHM web interfaces are unreachable from the public internet.
- Webmail and Web Disk over standard cPanel ports may be temporarily unavailable.
- SSL and non-SSL connections specifically to ports 2083/2087 are blocked.
- Your hosted websites, databases, and email delivery (SMTP/IMAP/POP) continue to operate normally.
What you should do
- You can still log in to the server (SSH or the console in Bluehost Portal).
- Update cPanel by running /scripts/upcp as root, per cPanel Documentation. If this fails, please contact Bluehost Support.
- Do not attempt to disable the firewall rules. They are in place to protect your data while a fix is coordinated.
- Plan to migrate off CentOS 6. Bluehost offers Professional Migration Services from CentOS 6 servers to AlmaLinux, or another supported distribution. Bluehost will help with the purchase and provision of a new server and assist with account-level transfers.
- Take a fresh backup of your sites, databases, and email accounts. If your server has been online and exposed in recent weeks, treat backups as a precaution rather than a recovery path.
- Audit recent activity in /usr/local/cpanel/logs/access_log and the WHM Login History for unfamiliar IP addresses or login times.
- Confirm SSH key-based authentication is enabled, and password authentication is disabled where possible.
- Once migrated to a server with a supported OS, verify your cPanel build matches one of the patched versions listed below.
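One way to carry out the access_log audit step above, as an added example that is not Bluehost's or cPanel's own tooling. It assumes each log line begins with `IP - USER [timestamp]` (only those first four fields are read) and that you keep your own admin addresses in a file, here the hypothetical `known_ips`; the sample lines are constructed.

```shell
#!/bin/sh
# Added example: list authenticated requests from source IPs that are not on
# your own list of known admin addresses.
# Assumed line layout: IP - USER [MM/DD/YYYY:HH:MM:SS TZ] "REQUEST" STATUS ...
# where USER is "-" for unauthenticated requests.

# Constructed sample lines (documentation IP ranges, placeholder session paths).
sample_log() {
    cat <<'EOF'
198.51.100.7 - root [04/27/2026:09:15:02 -0000] "GET /cpsess0000000000/ HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2087
192.0.2.44 - root [04/28/2026:03:41:10 -0000] "GET /cpsess0000000001/ HTTP/1.1" 200 0 "-" "curl/8.0" "s" "-" 2087
192.0.2.44 - root [04/28/2026:03:41:55 -0000] "GET /cpsess0000000001/ HTTP/1.1" 200 0 "-" "curl/8.0" "s" "-" 2087
203.0.113.9 - - [04/28/2026:04:02:31 -0000] "GET /login/ HTTP/1.1" 401 0 "-" "Mozilla/5.0" "-" "-" 2083
203.0.113.9 - alice [04/28/2026:04:03:00 -0000] "GET /cpsess0000000002/ HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2083
EOF
}

# unfamiliar_logins LOGFILE KNOWN_IPS_FILE
# Output, one line per (ip, user) pair: ip user requests first_seen last_seen
unfamiliar_logins() {
    awk '
        # First file: known admin IPs, one per line; "#" starts a comment.
        FILENAME == ARGV[1] { if ($1 != "" && $1 !~ /^#/) known[$1] = 1; next }
        # Log file: keep authenticated requests from addresses not on the list.
        $3 != "-" && !($1 in known) {
            key = $1 " " $3
            ts = substr($4, 2)              # drop the leading "["
            if (!(key in count)) first[key] = ts
            count[key]++
            last[key] = ts
        }
        END { for (k in count) print k, count[k], first[k], last[k] }
    ' "$2" "$1" | sort
}

# Demo on the constructed sample; on a server, pass the real access_log path.
tmp=$(mktemp -d)
sample_log > "$tmp/access_log"
printf '198.51.100.7\n' > "$tmp/known_ips"
unfamiliar_logins "$tmp/access_log" "$tmp/known_ips"
rm -rf "$tmp"
```

Each line it prints is a lead to compare against the WHM Login History, not proof of compromise on its own.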
Patched cPanel versions
After migrating to a supported operating system, ensure your cPanel & WHM build is on the list of patched versions. For more information on what versions are patched, you can visit the official cPanel Documentation: CVE-2026-41940 - cPanel & WHM / WP2 Security Update. You can verify your build under WHM → Server Configuration → Server Status, or by running /usr/local/cpanel/cpanel -V from the command line.
What are your possible next steps
- We will provision a new server with a modern, up-to-date operating system.
- We will install and configure any supported (non-end-of-life) software versions on your behalf to ensure a secure and stable environment.
- Check the following articles if you would like a new VPS or Dedicated Server
How to check your cPanel version
You can also refer to this article for more information: Bluehost: CVE-2026-41940: Compromise Check Guide.
Check your current cPanel version
/usr/local/cpanel/cpanel -V
Current Patched Versions on Bluehost
Please refer to the cPanel Upgrade to Latest Version documentation for details on supported versions.
Frequently asked questions
A: On April 28, 2026, cPanel disclosed a critical security vulnerability in its login authentication system. Without the patch, servers could be exposed to unauthorized access. As soon as we received notice, our team moved swiftly to apply the patch and protect your account.
A: We’re working to restore access as quickly as we can.
A: The vulnerability may also affect older and unsupported versions. We strongly recommend upgrading to a supported build as soon as possible to keep your server secure.
A: The vulnerability details were disclosed by cPanel directly. For the most up-to-date technical information, we recommend referring to cPanel’s official security advisories. We are following their guidance and applying all recommended patches.
A: On April 28, cPanel, the control panel your hosting runs on, disclosed a critical vulnerability. We patched the cPanel software the same day. As part of the monitoring we do on your service, we identified your server as potentially affected, and we took it offline to protect you and your visitors. That’s why your site is down right now.
A: Because the vulnerability was rated critical and was being actively exploited in the wild, leaving the server online would have put your site, your data, and your visitors at risk. Taking it offline was the safer call.
A: What we can tell you is that engineering is working through the affected servers actively, and we will [follow up by / note in your ticket] as soon as we have confirmed timing for your server.
A: Based on what we’ve seen so far, this was a vulnerability in the cPanel software, and we acted to take affected servers offline.
A: cPanel is the industry-standard control panel used across most of the hosting industry, and they disclosed a critical vulnerability on April 28. We patched as soon as we received the notice and we’re using our monitoring to find and protect any affected servers.