Another round of critical cPanel updates to be released 5/13/2026 1pm EST

T

thetechguide

New Member
From an email directly from cPanel:
"We are writing to let you know that a cPanel & WHM security patch is expected to be released on Wednesday, May 13, 2026 at 1:00pm EST.
This release addresses multiple vulnerabilities across versions of cPanel & WHM, including fixes for the following vulnerabilities rated up to High severity.
  • CVE-2026-29205
  • CVE-2026-29206
  • CVE-2026-32991
  • CVE-2026-32992
  • CVE-2026-32993
All vulnerabilities were either responsibly disclosed by external researchers or identified internally by our security team. At this time, there are no known exploits or proof-of-concept code in the wild. To help protect customers prior to patch availability, technical details about vulnerabilities will be released alongside the patches.

Patch & Affected Versions
The patch will be available on May 13 at 1:00pm EST and will be distributed through the standard cPanel automatic update process and through the manual update process. We strongly recommend performing a manual update once the patch is made available.

Versions Impacted:
86, 94, 102, 110, 110 CL6, 118, 124, 126, 130, 132, 134, 136, 136 (WP2)

Prepare Now
  • Identify affected servers. Review your servers on the affected versions above.
  • Check the update configuration. For servers where automatic updates are disabled or version-pinned, review /etc/cpupdate.conf now so there are no delays when the patch lands.
  • Brief your team. If your environment requires a maintenance window, notify the relevant people so they are ready to act.
  • Manual update. To update impacted servers before an automatic update is triggered, run /scripts/upcp once the patch is made available.
  • Note for CloudLinux 6 users. Before manually updating, set the update tier to the cl6110 branch
  • Watch for a follow-up email with exact patched versions and a link to all technical details in the support article.
The industry is seeing a sustained rise in discovered vulnerabilities, and AI is accelerating the pace at which they are found and exploited. We are responding by strengthening how we identify, validate, and act on security reports. You will hear from us more frequently as our processes evolve. This is intentional. We believe clear, timely communication is part of how we keep you protected.

We will follow up the moment the patch is live with full details and remediation steps......"
 
You must log in or register to reply here.
Top