We are reaching out to let you know about a critical security event that affected the cPanel & WHM platform and the steps we have taken to protect your hosting environment.
A zero-day vulnerability (CVE-2026-41940) was disclosed on April 28, 2026 affecting cPanel & WHM. Because this was a zero-day, there was no advance notice, upon receiving the security alert we immediately deployed the official WP2 Security Update across the entire platform. The patch is fully applied and your environment is now secure.
As part of our security response, we have enforced a platform-wide password reset. You will not be able to log in to cPanel directly using your existing username and password until you set a new one.
How to regain cPanel access
Vulnerability
CVE-2026-41940
Patch applied
April 30, 2026
Action required
Password reset via Billing Panel
Platform status
Fully secured
Please reset your cPanel password via the Billing Panel at your earliest convenience to restore normal access. No other action is required, your websites, data, and services are fully protected.
If you face any difficulty resetting your password or notice anything unusual, our support team is available to assist you.
