cPanel Patching
UPDATE 01:06 09/05/26: All Managed customer servers with cPanel have had the patches installed. All managed customer servers with Linux have also had mitigation put in place for DitryFrag
UPDATE – These patches have now been released, and our teams are actively rolling them out. If your server is unmanaged, please refer to the information below.
We are aware that cPanel has announced three further critical CVE patches.
At this stage, the detailed information relating to these CVEs has not been made public, and we are not currently aware of any active in-the-wild exploitation targeting systems.
Our infrastructure team continues to run continuous monitoring and patching routines across our cPanel estate. This ensures we are in a ready-to-deploy position as soon as cPanel releases the relevant updates later today.
This applies to customers running cPanel in both managed and shared hosting environments.
There has been also news on another exploit called DirtyFrag. Our teams have already patched against this within our Shared and Managed environments.
For customers on unmanaged systems running Linux Kernel versions 4.x running AlmaLinux 8.x/CloudLinux 8.x and higher you would need to ensure your systems are appropriately patched. More info on this can be found here: https://support.cpanel.net/hc/en-us/articles/40313772552727-Dirty-Frag-vulnerability-reported-for-Linux-kernel
Please let us know if you have any further queries. We will be happy to help.
We have made good progress, but there are still some remaining issues to resolve and some temporary restrictions remain in place. It will take some time to fully get to the bottom of what has happened, so please bear with us while we complete the remaining recovery work and continue our discussions with cPanel.
As we move beyond the restoration of files and services, we wanted to share some initial advice:
Please change your passwords.
We have no current evidence that customer passwords have been compromised. However, changing passwords is good practice and should form part of regular account housekeeping.
Some control panel access remains restricted.
In some cases, panel access is still locked down while we complete checks and recovery work. Please contact us if you need help and the team will support you.
Managed and unmanaged customer patching.
We will continue patching managed customer servers as cPanel release any further updates or security patches. Unmanaged customers should continue to keep their cPanel installations updated as new patches and releases become available. We will continue to publish updates and notifications on our blog pages as further patches and information are released by cPanel.
Information on Data Privacy & GDPR.
In this instance you are considered to be the Data Controller, and Easyspace the Data Processor. Under UK GDPR, the obligation to notify the ICO of a personal data breach rests with the Data Controller, not the processor. We fully respect and support your right to report this to the ICO if you believe it is necessary.
Please check your website files and remain vigilant.
If you notice anything unusual, please let us know. We are here to help and will support you through any remaining issues. Where required, we have restored files from safe backups
Thank you again for your patience and understanding over the last few days.
Please remember that this issue originated with cPanel. It has affected Easyspace, along with a wide number of other hosting providers globally. There is still some way to go, and we know some customers still need our help. We will continue to provide updates, including a timeline of events and any further feedback we receive from cPanel regarding the timing and extent of the incident.