Critical Authentication Vulnerability in cPanel Exposes All Hosted Control Panels Across Versions
What Happened — cPanel disclosed a critical authentication flaw that affects every currently supported version of its control‑panel software. The vulnerability allows an unauthenticated attacker to bypass login checks and obtain full administrative access to the cPanel interface. Patches were released for versions 11.110.0.97, 11.118.0.63, 11.126.0.54, and 11.132.0.29.
Why It Matters for TPRM —
- A compromised cPanel instance can expose thousands of customer websites, databases, and email accounts.
- Attackers can pivot from the control panel to downstream services, creating supply‑chain risk for your own applications.
- Unpatched hosting environments are a common entry point for ransomware and data‑exfiltration campaigns.
Who Is Affected — Web‑hosting providers, managed service providers (MSPs), SaaS platforms that rely on cPanel for customer provisioning, and any organization that outsources web‑hosting to cPanel‑based environments.
Recommended Actions —
- Verify the exact cPanel version running on every hosted server.
- Apply the security updates released by cPanel immediately (or upgrade to a patched version).
- Conduct a post‑patch validation scan to confirm the vulnerability is mitigated.
- Review third‑party hosting contracts for clauses requiring timely security patching.
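One way to carry out the first and third actions across a hosting inventory, as an added example (not cPanel's own tooling and not code from the advisory): the script parses each reported version string, compares it with the fixed build the advisory lists for that release branch, and flags hosts whose branch has no listed fix or whose version cannot be parsed. The inventory, hostnames and version strings below are constructed; the version-file path `/usr/local/cpanel/version` and the helper names are assumptions for this example.

```python
"""Patch-status triage for the cPanel authentication advisory.

Added example, not cPanel's code. Compares reported versions against the
fixed builds named in the advisory and sorts the worst findings first.
"""
import re
from dataclasses import dataclass

# Fixed builds from the advisory, keyed by release branch (second field).
FIXED_VERSIONS = {
    110: (11, 110, 0, 97),
    118: (11, 118, 0, 63),
    126: (11, 126, 0, 54),
    132: (11, 132, 0, 29),
}

# cPanel versions look like MAJOR.BRANCH.MINOR.BUILD, e.g. 11.118.0.63.
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*$")

# Triage order: what needs attention first sorts first.
STATUS_RANK = {"vulnerable": 0, "unsupported-branch": 1,
               "unparseable": 2, "patched": 3}


@dataclass(frozen=True)
class Verdict:
    host: str
    version: str
    status: str  # one of STATUS_RANK's keys
    detail: str


def parse_version(text):
    """Return (major, branch, minor, build) or None if the string is not a version."""
    m = VERSION_RE.match(text)
    return tuple(int(g) for g in m.groups()) if m else None


def assess(host, version_text):
    """Decide whether one host's reported version carries the fix."""
    shown = version_text.strip()
    parsed = parse_version(version_text)
    if parsed is None:
        return Verdict(host, shown, "unparseable",
                       "version string not recognised; inspect the host manually")
    branch = parsed[1]
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        # The advisory lists no fix for this branch: treat as unpatched and plan an upgrade.
        return Verdict(host, shown, "unsupported-branch",
                       f"branch {branch} has no fixed build in the advisory")
    fixed_str = ".".join(map(str, fixed))
    # Tuple comparison handles later builds on the same branch (e.g. 11.126.0.60).
    if parsed >= fixed:
        return Verdict(host, shown, "patched", f"at or above fixed build {fixed_str}")
    return Verdict(host, shown, "vulnerable", f"below fixed build {fixed_str}")


def assess_inventory(inventory):
    """inventory: iterable of (host, version_text). Returns Verdicts, worst first."""
    verdicts = [assess(host, text) for host, text in inventory]
    return sorted(verdicts, key=lambda v: (STATUS_RANK[v.status], v.host))


def read_local_version(path="/usr/local/cpanel/version"):
    """Read the version file on a cPanel host (assumed standard path); None if absent."""
    try:
        with open(path, encoding="utf-8") as fh:
            return fh.read()
    except OSError:
        return None


# Constructed sample inventory, as a fleet survey might collect it.
SAMPLE_INVENTORY = [
    ("web01.example.test", "11.110.0.97\n"),
    ("web02.example.test", "11.118.0.62"),
    ("web03.example.test", "11.126.0.60"),
    ("web04.example.test", "11.102.0.33"),
    ("web05.example.test", "not installed"),
]

if __name__ == "__main__":
    for v in assess_inventory(SAMPLE_INVENTORY):
        print(f"{v.status:<19} {v.host:<22} {v.version:<14} {v.detail}")
```

Feed the script the version strings you collect from each server (the local version file, or whatever your configuration-management tool reports); anything other than `patched` should go onto the remediation list, and `unsupported-branch` hosts need an upgrade to a fixed branch rather than a point update.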
Technical Notes — The flaw resides in multiple authentication pathways (login, API tokens, and session handling) and can be exploited without valid credentials. No public CVE number was assigned at the time of reporting. Successful exploitation grants full administrative control, potentially exposing website files, databases, email, and DNS settings.
Source: The Hacker News