Critical cPanel Authentication Flaw Exposes Servers

/MEDIUM
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW threat-intelvulnerabilityidentitytools
Critical cPanel Authentication Flaw Exposes Servers

The Hacker News reports that cPanel has issued urgent security updates to patch a critical authentication vulnerability affecting all currently supported versions of its control panel software. The flaw could allow attackers to gain unauthorized access to server administration panels. cPanel has released patches for versions 11.110.0.97, 11.118.0.63, 11.126.0.54, and 11.132.0.29.

This vulnerability targets various authentication paths, meaning attackers could potentially bypass standard login procedures. For system administrators, this is a wake-up call to immediately update affected cPanel installations. Failure to patch leaves servers wide open to compromise, potentially leading to data theft, further system infiltration, or complete server takeover.

What This Means For You

  • If your organization uses cPanel for server management, verify your version immediately and apply the latest security updates provided by cPanel. This vulnerability could be actively exploited, so patching is critical to prevent unauthorized access and potential system compromise.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1110 Brute Force Credential Access

๐Ÿ›ก๏ธ Detection Rules

3 rules ยท 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free โ€” export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

cPanel Authentication Bypass Attempt

Sigma YAML โ€” free preview

Source: Shimi's Cyber World ยท License & reuse

โœ“ Sigma ยท Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM โ†’

Indicators of Compromise

IDTypeIndicator
cPanel-Auth-Vulnerability Auth Bypass cPanel & WHM software, all currently supported versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29
cPanel-Auth-Vulnerability Auth Bypass Authentication paths in cPanel & WHM software

Written by SCW Vulnerability Desk

Take action on this incident
๐Ÿ“ก Monitor cpanel.com Free ยท 1 watchlist slot ยท instant alerts on new breaches ๐Ÿ” Threat intel on cPanel All breaches, IOCs & vendor exposure

Related coverage on cPanel

CISA Mandates Urgent Patching for Windows Zero-Day Exploited in Attacks

CISA has issued a directive to federal agencies, compelling them to patch a critical Windows vulnerability actively exploited as a zero-day. BleepingComputer reports this flaw...

threat-inteldata-breachmalwarevulnerabilitymicrosoft
/SCW Vulnerability Desk /HIGH /⚑ 1 IOC /⚙ 3 Sigma

NGA Grapples with AI Workforce Overhaul and Job Anxiety

The National Geospatial Intelligence Agency (NGA) is navigating a significant challenge: integrating AI tools while managing workforce anxiety and maintaining operational security. According to CyberScoop,...

threat-intelpolicygovernmentmicrosofttools
/SCW Research /MEDIUM /⚙ 3 Sigma

LiteLLM Pre-Auth SQLi Actively Exploited: CVE-2026-42208

Hackers are actively exploiting a critical pre-authentication SQL injection vulnerability, CVE-2026-42208, in the LiteLLM open-source large language model (LLM) gateway. BleepingComputer reports that attackers are...

threat-inteldata-breachmalwarevulnerabilityai-security
/SCW Vulnerability Desk /HIGH /⚑ 3 IOCs /⚙ 3 Sigma