Security Advisory – cPanel/WHM Critical Update Notice
-
Thursday, 30th April, 2026
-
19:08pm
Dear Partners,
We would like to inform you about a recently identified critical security vulnerability in cPanel/WHM (CVE-2026-41940), which is an authentication bypass issue (security exploit bug) affecting multiple hosting environments worldwide.
⚠️ Issue Summary:
* This vulnerability allows potential unauthorized access through a login bypass flaw.
* It is classified as a critical security bug (CVSS 9.8) affecting cPanel/WHM systems.
What Hostingwalay is doing:
Our Hostingwalay technical team is actively applying official security patches and updates across all affected servers to ensure maximum protection and stability.
What you should do:
As a precautionary step, we strongly recommend:
* Taking a full backup of all websites, databases, and files
* Storing backups in a secure off-server location
* Ensuring all systems are fully updated
⚠️ Important Note:
If your environment is found to be compromised, Hostingwalay can assist in restoration using available old backups only, subject to backup availability at the time of incident.
Assurance:
There is no need to panic. Services remain stable, and updates are being applied carefully to avoid downtime or data loss.
We are continuously monitoring all infrastructure to maintain security and reliability.
For any assistance regarding backups or system checks, our support team is available 24/7.
Best regards,
Hostingwalay Technical Team
