We would like to provide an update regarding the recently disclosed critical cPanel / WHM vulnerability (CVE-2026-41940).
The security issue has now been fully addressed across our hosting infrastructure. All affected systems were promptly updated with the official cPanel security patches, required services were restarted, and post-update validation checks were completed successfully.
As an additional precaution, we also conducted security reviews and monitoring to identify any signs of suspicious or unauthorized activity. At this time, we have found no evidence of compromise within our managed environment.
Temporary access restrictions that were implemented as a protective measure during the incident response period have now been lifted, and normal access to cPanel, WHM, and Webmail services has been restored.
We appreciate your patience and understanding while we worked to ensure the security of our platform.
If you have any questions or concerns, please contact our support team.
This notification applies to customers using cPanel-based services, including:
We would like to inform you of a recently disclosed security vulnerability affecting cPanel / WHM servers globally.
🔐 What happened
A critical vulnerability (CVE-2026-41940) was identified in the cPanel/WHM authentication system. Under certain conditions, this issue could allow an unauthenticated user to bypass the login process and gain access to hosting accounts.
🛠️ What we have done
Our team responded immediately and has:
Applied the official cPanel security updates across all systems Verified the integrity of affected services Reviewed logs and activity for any signs of exploitation
✅ Current status
All systems are patched and secure No evidence of unauthorized access has been detected All services remain fully operational
⚠️ Impact to you
No action is required from you at this time Your websites, email, and hosting services continue to operate normally
As an additional precaution, we have temporarily restricted access to cPanel, WHM, and Webmail services for up to 48 hours while we continue to monitor for any potential issues that may not yet have been identified.
🔎 Additional information
This vulnerability affected the login mechanism of the control panel, not individual websites or WordPress installations or email accounts directly.
🔒 Recommended best practices
As a general precaution, we recommend:
Using strong, unique passwords for your hosting accounts Enabling multi-factor authentication (where available) Keeping your website software (e.g. WordPress, plugins) up to date
📞 Support
If you have any questions or would like assistance reviewing your account security, please contact our support team.
We take platform security seriously and will continue to monitor and respond to any emerging threats.
Kind regards,
Support Team
We’ll find your subscription and send you a link to login to manage your preferences.
We’ve found your existing subscription and have emailed you a secure link to manage your preferences.
We’ll use your email to save your preferences so you can update them later.
Subscribe to other services using the bell icon on the subscribe button on the status page.
You’ll no long receive any status updates from xHost Solutions Status, are you sure?
{{ error }}
We’ll no longer send you any status updates about xHost Solutions Status.