cPanel Critical Vulnerability Issue

Update: Friday 1 May 1am
This is just a update.  We believe we have 7 affected servers and the team are rebuilding and restoring. Every web host is affeted by this. Links pasted below will show you this is a worldwide issue.  If you are reading this ask yourself the question  'If my server got hacked and my hosts backups were not available could I recover my website?'  If the answer is no then you need to take action and we can give advice just open a ticket..

Thursday 30 April 2026

This week, cPanel announced a critical zero day vulnerability affecting cPanel and WHM servers. We applied the official patch to all servers as soon as it became available.

We are continuing to monitor the situation and gather information. Early reports suggest this vulnerability may have been present and undetected for up to 30 days.

Like many hosting providers using cPanel, we have been impacted. At the time of writing, we have identified four servers that were affected, where the attacker issued commands to wipe the systems. There is currently no evidence that any data was exfiltrated. We have also identified a small number of other servers that the cPanel script shows as having been compromised so we need to rebuild these too but the sites are still loading.

Two of these servers have already been rebuilt, and work is ongoing to restore the remaining systems. From discussions with other providers, it appears the overall impact on our infrastructure has been limited in comparison.

Our immediate priority is restoring services and bringing client websites back online as quickly as possible for the small percentage of affected clients. We will provide detailed updates to affected clients once the situation has stabilised. Please give us some space to get your tickets replied to as we need to priortise service impacting tickets.

For further information, please refer to the following third party resources:

• https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026
• https://www.theregister.com/2026/04/30/cpanel_whn_cves/
• https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/
• https://www.rapid7.com/blog/post/etr-cve-2026-41940-cpanel-whm-authentication-bypass/
• https://www.techradar.com/pro/security/the-internet-is-falling-down-critical-cpanel-crlf-injection-vulnerability-puts-tens-of-millions-of-websites-at-risk-of-total-compromise-hosting-providers-urged-to-apply-cve-2026-41940-patch-immediately
• https://beazley.security/alerts-advisories/critical-vulnerability-in-cpanel-and-whm-under-active-exploitation-cve-2026-41940
• https://www.reddit.com/r/cpanel/comments/1syyajp/comment/oiyg0fr/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
• https://x.com/i/status/2049919869366218762

Please note:

• All servers were patched as soon as the update was released.
• We are closely monitoring all systems and will respond immediately to any further issues.
• Looking at command history it looks like the attacker used a script called 'Nuclear' and ran commands to wipe the servers

Truth be told, as a hosting provider, we have been considerably lucky. As only cPanel servers are affected, and as many of our clients have already migrated off cPanel to our Enhance platform; the proportion of impacted services is significantly lower than what other providers are seeing.

We will be emailing all clients in the coming days to emphasise the importance of backups and giving additional options to take your own backups locally.  We are confident none of our backups servers have been affected but it is always good at a time like this to remind clients of the importance of having secondary disaster recovery backups. Ask yourself the question 'If my server got hacked and my hosts backups were not available could I recover my website?'  If the answer is no then you need to take action and we can give advice just open a ticket.

If you have any questions, please raise a support ticket addressed to management. We appreciate your patience and understanding while we focus on restoring services.