Start Your Website Today with AquaHost — Only ₹30/month Professional Hosting Made Affordable Free SSL Certificate Indian Datacenter Singapore Datacenter Finland Datacenter Start Your Website Today with AquaHost — Only ₹30/month Professional Hosting Made Affordable Free SSL Certificate Indian Datacenter Singapore Datacenter Finland Datacenter

Announcements

Latest News & Updates

Important service notices, maintenance updates, feature announcements, and platform-related communication from Aquahost.

Latest News & Updates
Latest News & Updates
Shared notification view

Critical Security Advisory – cPanel Vulnerability (CVE-2026-41940)

Posted on April 30, 2026 Notification ID #108


Dear Clients,

We are issuing this advisory regarding a critical security vulnerability (CVE-2026-41940) identified in cPanel & WHM. This vulnerability has been actively exploited in the wild and may allow unauthorized access to affected servers.

Official Advisory:
https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026


Incident Overview

Based on industry reports and observed cases, attackers are:

• Scanning for unpatched cPanel servers
• Gaining unauthorized access via authentication bypass
• Deploying a malicious binary (commonly named nuclear.x86)
• Executing it, removing traces, and re-running it periodically
• Performing full system reconnaissance and data access

Potential Impact

If a server was exposed or compromised, the following must be assumed at risk:

• Root/server access credentials
• SSH private keys and authorized access
• Password hashes (including system and database)
• Command history and environment data
• Website/application credentials stored on the server

Note: Website files and databases may appear intact, but hidden access or backdoors may still exist.


Immediate Actions Required

1. Update cPanel Immediately

/scripts/upcp --force

If immediate update is not possible, temporarily disable access:

whmapi1 configureservice service=cpsrvd enabled=0 monitored=0 &&
whmapi1 configureservice service=cpdavd enabled=0 monitored=0 &&
/scripts/restartsrv_cpsrvd --stop &&
/scripts/restartsrv_cpdavd --stop


2. Check for Active Malware

pkill -9 -f "nuclear.x86"
ps auxf | grep -i nuclear

Verification:

wget google.com

If the response shows “Killed”, malware may still be active.


3. Rotate All Credentials

Immediately update:

• WHM/cPanel passwords
• SSH keys (regenerate and replace everywhere)
• FTP/SFTP accounts
• Email accounts
• Database credentials
• API keys, SMTP credentials, webhooks
• CMS/admin panel logins


4. Audit for Unauthorized Access

Carefully review:

• Cron jobs
• FTP accounts
• Email forwarders
• SSH authorized keys
• Recently modified or unknown files (especially in public_html)


Important Considerations

• This is a system-level security issue, not limited to cPanel UI or license
• Even if malware is not currently detected, prior exposure may still result in compromise
• Partial cleanup may not fully eliminate hidden access mechanisms


Recommended Action

For maximum security and long-term stability:

• Perform a full OS reinstallation and fresh cPanel setup
• Restore only verified clean backups
• Apply updates and security hardening before going live


We strongly advise all clients to take this advisory seriously and act immediately to secure their servers.


All Notifications

50 updates available

Service Restoration Notice – VPS Node Server Online

Service Restoration Notice – VPS Node Server Online Dear Customers, We are pleased to inform you that the network issue affecting the VPS node has been resolved. ...

Read full update

VPS Node Server Down – Network Issue Under Investigation

Service Announcement – VPS Node Network Issue Dear Customers, We would like to inform you that we are currently experiencing a network issue affecting one of our V...

Read full update

Important Announcement for Offshore DMCA Ignored Hosting Customers

Dear Customers, This announcement applies only to customers using our Offshore DMCA Ignored Hosting services. Recently, the offshore hosting server experienced a c...

Read full update

Offshore Hosting Migration in Progress – Temporary Service Interruptions Possible

Important Notice for Offshore Hosting Customers Dear Customers, We would like to inform you that a migration process is currently being performed on our Offshore H...

Read full update

Offshore Hosting Downtime – Network Team Working on Resolution

Important Announcement for Offshore Hosting Customers Dear Customers, We would like to inform you that some Offshore Hosting services are currently experiencing co...

Read full update

Resolved: Offshore Hosting Service Interruption

Service Restoration Notice – Offshore Hosting Services Dear Customers, We are pleased to inform you that the technical issue affecting some Offshore Hosting servic...

Read full update
Link copied successfully