SEARCH
RSS Feed
News
May
2
cPanel Security Incident – Recovery Progress & Live Updates
Posted by Sufya F on 02 May 2026 08:54 AM

cPanel Security Incident – Live Updates

[Update 12 – 08 May 2026 | 5:45 AM GMT]

These are updates on the remaining servers that are undergoing recovery, restoration, migration, or final verification following the cPanel security incident.

Server-Specific Updates:

Tania
The server has been fully updated, patched to the latest stable version, and brought back online successfully. 100% complete.

Nicole
OS reload and cPanel installation are in progress. Restoration from backup has started. Estimated completion is within 24 to 48 hours, with most servers finished in 48 hours.

Kylie
Restore has been completed. Remaining IP change will be done today, and sites are up. Estimated finalization is within 24 hours.

Corp1
This server was deeply affected. We are currently recovering all possible data. Estimated resolution time: 24 to 72 hours.

USVIP2
This server was deeply affected. We are currently recovering all possible data. Estimated resolution time: 24 to 72 hours.

Mint2
The server has been fully updated, patched, and brought back online successfully. IPs have been added. Estimated completion: 24 to 48 hours.

Britz
Restore has been completed. IP change is pending. ETA: 2 hours.

HKVIP1
Data remains intact. A new server environment is being arranged. Estimated resolution time: 24 to 72 hours.

USVIP1
OS reload, patching, and restoration processes have been completed successfully. Websites are online. 100% complete.

Budget4
OS reload, restoration, patching, and upgrades are 100% complete.

USVIP4
A new SSD OS drive has been added, and the server has been reloaded. cPanel installation and restoration are in progress. Estimated completion: 24 to 72 hours.

Corp5
A new hard disk has been added, and the initial backup structure has been completed. Final OS reload and restoration are scheduled. Estimated completion: 24 to 72 hours.


[Update 11 – 07 May 2026 | 7:54 AM GMT]

Recovery is nearly complete, with the majority of systems back online. However, cPanel remains turned off as we are taking a full backup to prevent any vulnerabilities. After the backup process is completed, you will get access to cPanel.

Current Progress:

  • Shared & SEO Servers: 100% Online, except Tania (No ETA), Nicole (No ETA), Kylie (ETA 24H), and Britz (ETA 18H)
  • All Reseller Servers: Websites are 100% Online, except USVIP2 (No ETA), Corp1 (No ETA), Mint2 (No ETA), HKVIP1 (No ETA), and Budget1 (ETA 24H)
  • VPS Servers: 95% Online
  • Baremetal Dedicated Servers: 98% Online
  • Smart Cloud Servers: 97% Online
  • Services using DirectAdmin Control Panel: Not affected

Notes:

  • We have received over 2,000 support tickets. Due to our team focusing on server recovery, response times for tickets and chats may be slower than usual. Once all servers are fully online, we will prioritize the resolution of these tickets and restore response times to normal.

[Update 10 – 07 May 2026 | 7:54 AM GMT]

Recovery is nearly complete with the majority of systems back online. However, cPanel remains turned off across all servers until cPanel Inc. provides a permanent solution for the critical vulnerability (CVE-2026-41940).

Current Progress:

  • Shared & SEO Servers: 100% Online, except Tania, Nicole, Kylie, and Britz
  • All Reseller Servers: Websites are 100% Online, except USVIP1, USVIP2, Corp1, Mint2, HKVIP1, and Budget1
  • VPS Servers: 80% Online
  • Baremetal Dedicated Servers: 95% Online
  • Smart Cloud Servers: 80% Online
  • Services using DirectAdmin Control Panel: Not affected

Note: cPanel remains turned OFF on all servers until a permanent solution for the vulnerability is provided by cPanel Inc.

[Update 9 – 04 May 2026 | 11:19 AM GMT]

The recovery process is nearing completion. We are on track to have the majority of servers fully patched, updated, and back online shortly, with only a few systems that were more significantly impacted requiring additional recovery work.

Current Progress:

  • Shared & SEO Servers: 60% online
  • USA Reseller Servers: 95% online (all servers online except 5 servers)
  • Reseller Servers (Other Locations): 85% online
  • VPS Servers: 70% online
  • Baremetal Dedicated Servers: 90% online
  • Smart Cloud Servers: 80% online
  • Services using DirectAdmin Control Panel: 100% online (Not affected)


[Update 8 – 03 May 2026 | 4:54 PM GMT]

The recovery process is progressing well. Within the next 24 hours, we expect the majority of servers to be fully patched, updated, and brought back online, with the exception of a limited number of systems that were more deeply affected by the incident and require additional recovery work.

Current Progress:

  • Shared & SEO Servers: 50% online
  • USA Reseller Servers: 90% online
  • Reseller Servers (Other Locations): 60% online
  • VPS Servers: 65% online
  • Baremetal Dedicated Servers: 70% online
  • Smart Cloud Servers: 60% online
  • Services using DirectAdmin Control Panel: Not affected

[Update 7 – 03 May 2026 | 4:05 PM GMT]

The recovery process is ongoing. 50% of the affected SEO servers have been successfully restored. Additionally, 30% of Baremetal and SmartCloud servers have been fully restored.

[Update 6 – 02 May 2026 | 07:37 AM GMT]

Recovery progress continues. Approximately 40% of affected servers have been fully restored, and 80% of USA reseller servers are now online. Websites and email are operational on restored servers, except cPanel/webmail, which remains disabled for security reasons.

[Update 5 – 02 May 2026 | 08:30 AM GMT]
Recovery in progress. Approximately 15% of all servers and 30% of reseller hosting servers have been restored, upgraded, and secured. Work continues on remaining systems.

 

[Update 4 – 02 May 2026 | 06:00 AM GMT]
Server rebuild and patching ongoing. Systems are being OS reloaded and upgraded to fully patched environments before being brought online.

[Update 3 – 01 May 2026 |  10:30 PM GMT]

Initial recovery phase started. Affected systems isolated and security validation process initiated.

 

[Update 2 – 01 May 2026 | 01:00 PM GMT]
All cPanel servers taken offline as a precaution due to *critical vulnerability (CVE-2026-41940)* actively being exploited globally.

 

[Update 1 – 01 May 2026 | 12:30 PM GMT]
Security advisory issued. Investigation and containment measures initiated.

 

Latest Information & Details

Full advisory and updates:

https://skynethelp.com/index.php?/News/NewsItem/View/493/critical-security-advisory-temporary-shutdown-of-cpanel-based-services

SkyNet blog article:

https://skynethosting.net/blog/cpanel-hack-cve-2026-41940/

Technical analysis (WatchTowr):

https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940

Community discussion:

https://www.reddit.com/r/cpanel/comments/1syyajp/massive_cpanel_0day_auth_bypass_hits_web_hosting

Note:

Updates will be posted here as progress continues.
Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
CAPTCHA Verification 
 
Please enter the text you see in the image into the textbox below (we use this to prevent automated submissions).