Protect Your Servers: A Step-by-Step Patch Guide for cPanel & WHM Vulnerabilities
Introduction
Security flaws in hosting control panels can leave servers exposed to serious attacks. Recently, cPanel and WHM addressed three vulnerabilities that could allow attackers to escalate privileges, execute arbitrary code, or crash services. If you manage a cPanel server, acting quickly is essential. This guide walks you through the process of applying the latest security patches to keep your hosting environment safe.
What You Need
- Root or sudo access to your cPanel/WHM server
- SSH client (e.g., Putty, Terminal)
- WHM login credentials (admin user)
- A backup of your current configuration (recommended)
- Stable internet connection
- At least 30 minutes of maintenance window
Step-by-Step Patch Process
Step 1: Identify Your Current Version
Before updating, check which cPanel & WHM version you’re running. Log into WHM as root and look for the version number at the bottom of the interface. Alternatively, you can run this command in SSH:
/usr/local/cpanel/cpanel -VCompare the output with the latest release notes on cPanel’s changelog. If your version is older than the patched release (e.g., 11.112.x or later for the CVE fixes), proceed to the next step.
Step 2: Backup Your Server
Always create a full backup before applying critical updates. Use WHM’s Backup feature or run a manual backup via SSH:
rsync -avz /home /var/cpanel /etc /backup/This ensures you can restore quickly if anything goes wrong. Verify the backup completes without errors.
Step 3: Access WHM Update System
Log into WHM as root. Navigate to Home > Server Configuration > Update Preferences. Ensure the update tier is set to RELEASE (or CURRENT for early adopters). Then go to Home > Software > System Update to see available updates. Click Check for Updates.
Step 4: Apply the Security Patches
In the System Update interface, you’ll see a list of packages marked as updates. Look for cPanel and WHM (or cpanel RPM). Click Update Now or select all updates and apply. The process may take 10–20 minutes. You can also update via SSH with:
/scripts/upcp --upgradeThis command downloads and installs the latest cPanel & WHM build, including the three vulnerability fixes (CVE-2026-29201 and others).
Step 5: Verify the Update Installation
After the update finishes, confirm the new version is installed by checking the version number again:
/usr/local/cpanel/cpanel -VCross-reference with the patched version listed in the cPanel security announcements. Also, visit WHM > Server Information > System Health to ensure all services are running.
Step 6: Test Core Functionality
Log into WHM and cPanel as a test user. Check these critical functions:
- Email delivery (send a test message)
- DNS resolution
- FTP/WebDAV access
- PHP processing
- Database connections
If any service fails, consult the Troubleshooting Tips section below.
Step 7: Review Logs for Errors
Examine the update log for any warnings:
tail -n 100 /var/log/cpanel_upgrade.logCheck Apache and MySQL logs for unexpected errors:
tail -n 50 /usr/local/apache/logs/error_log
journalctl -u mariadb -n 30Resolve any issues immediately.
Tips for a Smooth Patch Process
1. Use a Staging Environment
If possible, apply the patch to a non-production server first. This helps you catch conflicts without impacting live websites.
2. Schedule During Low Traffic
Run the update during a maintenance window (e.g., early morning) to minimize disruption.
3. Monitor Third-Party Plugins
Some custom plugins may break after a cPanel upgrade. After patching, check all installed add-ons in WHM’s Plugins section.
4. Keep Credentials Secure
During the update, protect your root password and SSH keys. Never share them via unencrypted channels.
5. Enable Automatic Updates
To reduce future manual work, set WHM to Auto-Update under Update Preferences. Choose the RELEASE tier for stable security patches.
6. Document Your Changes
Record the version before and after the patch, along with any modifications you make. This helps during future audits.
Conclusion
Applying the latest cPanel and WHM patches is a critical step in securing your server against privilege escalation, code execution, and denial-of-service attacks. By following this guide, you’ve not only fixed the three known vulnerabilities but also strengthened your overall cybersecurity posture. Remember to maintain regular backups and stay subscribed to cPanel security announcements. For further reading, visit the official cPanel Changelog.
Need Help?
If you encounter any difficulties during the update, contact your hosting provider or consult the cPanel forums.
Related Articles
- 8 Key Takeaways from Tim Cook's Earnings Call: No New Macs or iPads Until September?
- Rust 1.95.0 Ships with cfg_select! Macro and Expanded Pattern Matching
- Supreme Court Deals Blow to Voting Rights, Clears Path for Racial Redistricting
- Apple's iOS 27 to Overhaul Siri, Add Satellite Internet, and Prioritize Stability
- 5 Game-Changing Mods You Can Build with the Steam Controller CAD Files
- What You Need to Know About Allocating on the Stack
- KDE Plasma 6.6.5 Resolves NVIDIA Performance Woes, Plasma 6.7 Preview Unveils New Capabilities
- AI Coding Agents Force Rethink of Test-Driven Development: 'Harness' Design Emerges as Critical Skill