2026 cPanel Security Response

InMotion Hosting’s response to the successful fleet-wide resolution of CVE-2026-41940, a critical pre-authentication authentication bypass in cPanel & WHM that put roughly 1.5 million internet-exposed servers at risk globally. Within hours of public disclosure on April 28, 2026, the company’s in-house network operations and systems teams blocked exposure at the network layer across its U.S. East, U.S. West, and European data centers, and pushed patches across every eligible server in its fleet. The vast majority of customer websites, applications, databases, and email continued to operate normally throughout the response, while in-house teams worked directly with the small subset of customers whose environments required hands-on remediation.

cPanel Security Patch Advisory for May 13, 2026: 5 CVEs Up to High Severity

by Derrell

Update (May 14, 2026): cPanel released this patch on schedule on May 13, 2026. All five vulnerabilities — CVE-2026-29205, CVE-2026-29206, CVE-2026-32991, CVE-2026-32992, and CVE-2026-32993 — are now patched. InMotion Hosting has applied the update across all managed servers. Self-managed VPS and Dedicated customers who have not yet updated should run /scripts/upcp now. cPanel has disclosed Read More >

WHMCS Security Advisory: CVE-2026-29204 Requires Immediate Update

by Derrell

WHMCS CVE-2026-29204 is an authorization vulnerability affecting all WHMCS 8.x installations prior to 8.13.3 and all 9.x installations prior to 9.0.4. WHMCS published the advisory on May 12, 2026. If you run WHMCS on an InMotion Hosting Reseller, VPS, or Dedicated server, you must update your installation yourself. InMotion Hosting cannot apply this patch on Read More >

cPanel Security Patch Advisory for May 8, 2026: 3 CVEs Disclosed

by Derrell

cPanel has disclosed three new security vulnerabilities (CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203) with a patch scheduled for release today, May 8, 2026, at 12:00pm EST. This is a heads-up advisory: most InMotion Hosting customers will receive the cPanel security update automatically through InMotion’s standard patching process. Your websites, email, and databases are not affected by this Read More >

cPanel Security Update: What You Need to Know

by Derrell

Your website stayed online throughout the incident. We completed a cPanel security update on April 28, 2026, after a serious security flaw was discovered in the software powering the back-end of your hosting account. For most customers, there is nothing to do. What Happened with the cPanel Security Update Researchers discovered a serious flaw in Read More >

CVE-2026-41940: Full Technical Details and InMotion’s Response

by Derrell

CVE-2026-41940 is a pre-authentication remote authentication bypass in cPanel and WHM with a Critical severity rating. Now that patches are deployed and access has been restored across InMotion Hosting’s server fleet, this article provides the full technical picture: how the exploit works, what InMotion did to protect your environment, and what you should do now. Read More >

cPanel & WHM Security Vulnerability – Temporary Access Restrictions – April 28, 2026

by Derrell

cPanel has disclosed a critical authentication vulnerability affecting all currently supported versions of cPanel & WHM. This is an industry-wide issue, and we are taking immediate action to protect your environment while patches are released and verified. For full details from cPanel, see their official advisory: cPanel & WHM Security Update 04/28/2026. Resolution Update (April Read More >

Need More Help?

Current Customers

Get Support: Log into AMP
Call: 757-416-6575 x2
Ticket: Submit a Support Ticket

Get Reliable Web Hosting

Chat: Chat with Sales
Email: [email protected]
Call: 757-416-6575 x1

Get web hosting that grows with your business. Our all-in-one hosting platform gives you everything your website needs to scale - so you can focus on the next big thing for you and your business.