A critical authentication bypass vulnerability affecting nearly all supported versions of cPanel and WHM could allow unauthenticated attackers to access control panels and take over hosting accounts or entire servers. WebPros released emergency patches and advises administrators to run /scripts/upcp βforce to apply fixes while providers like Namecheap temporarily blocked ports 2083 and 2087 to protect customers. #cPanel #WHM
Keypoints
- The vulnerability enables an authentication login bypass affecting supported cPanel and WHM releases.
- An emergency update was published; administrators must run /scripts/upcp βforce to install patched versions.
- Namecheap temporarily blocked ports 2083 and 2087 to protect users until patches were available.
- WHM compromise provides full server control, enabling account creation, persistence, and abuse for spam, proxying, or malware delivery.