Resolved cPanel Zero Day Exploit - Network wide protections in place for cPanel and WHM logins/ports

[KH-JonathanKW]

IMPORTANT – Please read immediately

cPanel announced that a zero-day authentication/privilege escalation bug that affects almost all known (both EoL and supported) cPanel versions was discovered a short while ago and successful exploits have been seen in the wild.

At this time, a limited scope of information is available about the bug and the cPanel team is actively working on a patch. Cpanel’s official article can be found at https://support.cpanel.net/hc/en-us...rability-with-cPanel-WHM-Login-Authentication

Due to the potential nature of this issue and out of an abundance of caution, we’ve begun blocking WHM/cPanel login ports across the KnownHost network (including ports 2082, 2083, 2086, and 2087). The blocks cannot be removed/modified per server/customer and will be removed once suitable patches have been released or cPanel has more information available.

We realize that this type of immediate change affects customer access, but want to ensure that all servers remain safe while cPanel investigates further as necessary.

 

[KH-JonathanKW]

UPDATE

This exploit has been expanded to cover cPanel webmail ports 2095/2096.

These are now currently blocked at the network level.

EDIT: This includes webdisk ports 2077 and 2078

 

[b3t0]

Thanks.

 

[VAGDesign]

Thanks, I opened a ticket cause it's the first time I wouldn't login on WHM while websites worked fine...

 

[KH-JayP]

UPDATE:
Our team continues to work directly with cPanel on the release of a security patch. As soon as one is available, we will begin updating servers. Network blocks for cPanel, WHM, Webmail, and Webdisk ports remain in place at this time.

Thank you for your continued patience.

 

[KH-DanielP]

UPDATE:

Patches have been released by cPanel to address the issue. We are in the process of rolling out these updates to all managed customers. If you are an unmanaged customer running cPanel then you'll want to SSH into your system and execute /scripts/upcp to pull the latest version.

We anticipate this process is going to take much of the afternoon and into the night as thousands of machines need to receive the patches before we can open the network up.

We will continue to post regular updates as we have them.

 

[KH-DanielP]

UPDATE:

We're continuing to push patches out across the network to all impacted customer VM's. It's too early to determine when we will be able to open the network ports up but we will keep everyone posted.

 

[KH-JayP]

UPDATE:

Staff continue to make their way through the network, applying the security patch. Thank you again for your extended patience

 

[rkrc]

One of my machine at other host is working for good with cpanel. How soon will this work as right now I am in the middle of transition where lots of website were moved to my new cpanel servers.

 

[thomz82]

sorry, can i know the ETA ? ( possible 5 hours ? ) i need to up webmail (web access) badly, clients keep asking me already

 

[KH-DanielP]

UPDATE:

We have pushed out patches to the majority of our network to mitigate the exploit. As such we've restored access to the cPanel ports that were previously blocked.

Our team will continue to work to mitigate any edge case systems remaining on our network. We do appreciate everyone's patience and understanding.

 

[wpharbor]

Thank you!

 

[rkrc]

Thanks a lot!

I would like to take this opportunity to express my sincere and deeper appreciation for the exceptional support and service your team has consistently provided. In an industry where reliability, responsiveness, and technical competence are critical, your organization has demonstrated all three with remarkable consistency.

What truly stands out is your proactive approach, prompt response times, and the professionalism with which every query or concern is handled. Whether it is routine assistance or addressing time-sensitive matters, your team has always ensured that solutions are delivered efficiently and with clarity.

Your infrastructure stability, coupled with dependable support, has played a vital role in ensuring smooth and uninterrupted operations on our end for more than a decade. It is reassuring to work with a provider that not only understands the technical requirements but also values long-term relationships and customer trust.

We genuinely value this association and look forward to continuing our collaboration. Please accept our appreciation for your dedication, commitment, and the high standards of service you consistently maintain.

 

[rkrc]

I always consider myself to be very honest, dedicated and always trying to offer best of services from last 26 years but I believe there is lot to learn from you.

 

[JCLake]

Thank you for the dedicated support of your staff. Having cPanel down was a challenge, although I was able to get my code modifications done using FTP and FileZilla!