cPanel's May 13 patch covers five new CVEs, but security researcher Shubham Shah reported within hours that the fix for CVE-2026-29205 is incomplete and all cPanel instances remain exploitable until a working patch lands.
Category: Security
Three cPanel patches and Linux kernel fixes for DirtyFrag landed on May 8. Here is what got fixed and what to verify with your hosting provider.
Change Healthcare's $3.1 billion in breach costs is the new normal of what a serious compromise sets in motion: parallel notification clocks across GDPR, NIS2, DORA, and HIPAA; personal liability for CISOs and boards; and a cyber insurance market with conditions that can deny coverage at the worst moment.
Three new cPanel vulnerabilities, CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203, are being patched today at 12:00pm EST, with technical details withheld until the fix is live.
DirtyFrag, a Linux kernel local privilege escalation that gives any local user root access on Ubuntu, RHEL, Fedora, CentOS Stream, AlmaLinux, and openSUSE Tumbleweed, went fully public on May 8 after an embargo break, with no CVE assigned and no patches available for any affected distribution.
Apache 2.4.67, released May 4, patches 11 CVEs including a CVSS 8.8 HTTP/2 remote code execution flaw and a shared hosting privilege escalation that lets customers read each other's files.
CVE-2026-41940, the cPanel authentication bypass exploited for 64 days before disclosure, is still developing. 44,000 servers likely compromised, a public exploit on GitHub, three active campaigns. This page is updated in real time as new information surfaces.
CVE-2026-41940, the cPanel authentication bypass from April 28, was being exploited since February 23, operated as a zero-day for 64 days, and was added to CISA's Known Exploited Vulnerabilities list with 1.5 million internet-exposed instances counted by Rapid7.
Copy Fail (CVE-2026-31431) is a Linux kernel privilege escalation giving any unprivileged local user root access, affecting virtually all distributions since 2017, with shared hosting and multi-tenant environments at highest risk.
cPanel disclosed a critical authentication bypass on April 28 affecting nearly all versions of cPanel and WHM, with active exploits confirmed in the wild before the patch was released, forcing hosting.com, Namecheap, KnownHost, HostPapa, and InMotion Hosting to take cPanel access offline globally.