Critical cPanel Security Updates Scheduled for May 13, 2026 – Immediate Action Recommended

cPanel Security

Introduction


cPanel has announced another important round of cPanel server security updates scheduled for May 13, 2026, at 1:00 PM EST. These critical updates address multiple vulnerabilities affecting several supported versions of cPanel & WHM, with some issues rated as High severity, making immediate patching essential for maintaining cPanel server security and infrastructure protection.

According to the official communication from cPanel, the vulnerabilities were either responsibly disclosed by external security researchers or identified internally by the cPanel security team. At the time of announcement, no active exploits or public proof-of-concept code have been detected in the wild, but administrators are strongly advised to update systems promptly to strengthen overall cPanel server security.

Vulnerabilities Addressed

The upcoming patch includes fixes for the following security vulnerabilities:

  • CVE-2026-29205
  • CVE-2026-29206
  • CVE-2026-32991
  • CVE-2026-32992
  • CVE-2026-32993

Affected cPanel Versions

The following cPanel & WHM versions are impacted:

  • 86
  • 94
  • 102
  • 110
  • 110 CL6
  • 118
  • 124
  • 126
  • 130
  • 132
  • 134
  • 136
  • 136 (WP2)

Patch Availability

The security patch will be distributed through:

  • Standard automatic cPanel update channels
  • Manual update process

cPanel strongly recommends performing a manual update immediately after the patch becomes available to minimize exposure.

1. Identify Affected Servers

Review all servers currently running impacted cPanel versions and prepare them for immediate patching.

2. Verify Update Configuration

If automatic updates are disabled or systems are pinned to specific versions, review the following configuration file now:

/etc/cpupdate.conf

This helps avoid delays once the patch is released.

3. Inform Internal Teams

Organizations requiring maintenance windows should notify relevant stakeholders and technical teams in advance to ensure smooth deployment.

4. Run Manual Updates

Once the patch becomes available, administrators can manually trigger the update using:

/scripts/upcp

5. Important Note for CloudLinux 6 Users

CloudLinux 6 users should first switch to the cl6110 update tier before running manual updates.

Why This Update Matters

The hosting industry is witnessing a rapid increase in newly discovered vulnerabilities, and AI-assisted security research is accelerating the speed at which threats are identified and potentially exploited. Timely patch management is becoming more critical than ever for maintaining server security and service stability.

At 24×7 Server Management, we strongly recommend proactive patching, continuous monitoring, and routine security audits to protect hosting environments from emerging threats.

Final Thoughts

System administrators and hosting providers should prepare immediately and ensure all affected cPanel servers are updated as soon as patches become available on May 13, 2026.

Our team will continue monitoring the release and will provide additional technical guidance once cPanel publishes complete remediation details and patched version information.

We will continue monitoring the release and share further technical details and remediation guidance once the official cPanel patches become available.

If you need assistance with patch management, server hardening, or emergency cPanel updates, feel free to contact the 24×7 Server Management support team.

Frequently Asked Questions

1. What is the cPanel security update released on May 13, 2026?

The update is a critical security patch released by cPanel & WHM to fix multiple vulnerabilities, including high-severity CVEs affecting several supported cPanel versions.

2. Which cPanel versions are affected by these vulnerabilities?

Affected versions include 86, 94, 102, 110, 118, 124, 126, 130, 132, 134, and 136, including specific CloudLinux and WP2 builds.

3. How can I manually update my cPanel server?

Once the patch is available, administrators can manually trigger the update using the following command:
/scripts/upcp

4. Why is it important to apply cPanel security patches immediately?

Delaying security updates can expose servers to cyberattacks, unauthorized access, malware infections, and service disruptions. Immediate patching helps maintain server security and stability.

 

Picture of admin
admin

Related articles

Hire DevOps Experts
cpanel Server Management

Technical Discussions

Click here

Request a Quote

Categories
Tags
24x7servermanagement 24x7Support AWS AWS devops Azure Azure Devops CloudComputing CloudInfrastructure CloudMigration CloudSecurity CloudSolutions container orchestration cPanel cPanelSecurity Cpanel server management cpanel server security Cybersecurity DataProtection DevOps devops consulting companies devops consulting services DevOpsSecurity DevSecOps Docker FintechSecurity HybridCloud InfrastructureManagement ITInfrastructure ITSecurity ITSupport Kubernetes KubernetesSecurity ManagedITServices Microservices Architecture Observability server management ServerManagement ServerMonitoring server optimization server performance ServerSecurity sre top devops consulting companies WHM wordpress security
Security Expert
Recent Posts