A high-severity security vulnerability (CVE-2026-29204) has been identified in the WHMCS billing and automation platform. This flaw could potentially allow authenticated users to perform unauthorized actions or access services belonging to other accounts.

In the interest of protecting our customers' environments, our security team is currently reaching out to affected account holders via email. While we are attempting to apply emergency security patches where possible, some installations may require manual updates due to specific configurations. We thank you for your patience. You can find more information from WHMCS HERE.

cPanel has released an update for three new security vulnerabilities: CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203

The patch for these vulnerabilities will be deployed on 5/8/2026 at 12:00 PM Eastern US time. This update will be deployed automatically.

Please review this article for more detailed information: https://www.inmotionhosting.com/support/news/cpanel-cve-2026-29201-29202-29203-patch-advisory/

Our Systems Administration Team is aware of the Copy Fail Vulnerability (CVE-2026-31431) affecting certain Linux kernel versions, as outlined by CloudLinux. Kernel updates and mitigations are actively being applied to impacted systems. https://blog.cloudlinux.com/cve-2026-31431-copy-fail-kernel-update

Additionally, we are monitoring an issue related to Imunify360 where active malware scans may cause performance issues. If you are actively experiencing this issue, please contact our support team for assistance.

A critical vulnerability was recently identified in the cPanel software regarding an authentication login exploit. This affects all currently supported versions of cPanel. In order to best protect our customers, WHM/cPanel logins may be inaccessible for some servers until all patches have been released, applied, and validated. We thank you for your patience. You can find more information from cPanel HERE.