cPanel Security Incident Update - Recovery Progress

We would like to share an important update regarding the ongoing cPanel/WHM security incident (CVE-2026-41940).

Current Progress

As of this writing:

• Approximately 15% of all affected servers have been fully restored, upgraded, and secured.
• More than 30% of our hosting servers have already been successfully recovered and brought back online.

All restored systems have undergone the following measures:

• Upgraded to fully patched versions
• Fully rebuilt (OS reload) where necessary
• Security hardening and validation prior to reactivation

For security reasons and in accordance with our internal security policies, we are not publicly disclosing specific server names affected by this incident.

Why Recovery Is Taking Time

This vulnerability has been classified as critical (CVSS 9.8), as it may allow attackers to bypass authentication mechanisms and gain administrative-level access without valid credentials.

Security researchers have also confirmed:

• Active exploitation attempts in the wild
• Potential for complete server compromise, including websites, databases, email accounts, and server configurations

Due to the seriousness and scale of this incident, every affected server must undergo a comprehensive security validation and recovery process before being safely returned to production.

Our Recovery Approach

To protect our clients and infrastructure, we are following a strict security-first recovery procedure, which includes:

• Isolation of affected systems
• Full operating system reload and environment rebuild
• Upgrade to the latest patched cPanel/WHM versions
• Security hardening and access restriction implementation
• Data integrity validation and service testing
• Controlled and monitored reactivation

This process is necessary to ensure that all restored services are stable, secure, and protected against possible re-exploitation.

What This Means for Clients

• Services are being restored gradually in phases rather than simultaneously
• Security, stability, and data integrity remain our highest priorities
• Some servers and services may require additional time due to deeper validation and rebuilding requirements

Further Reading & Transparency

For clients who would like additional technical details and background information regarding this incident, please refer to the following resources:

• https://gomanilahost.net/clients/announcements/62/Critical-Security-Advisory-Temporary-Shutdown-of-cPanel-Based-Services.html
• https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/
• https://www.reddit.com/r/cpanel/comments/1syyajp/massive_cpanel_0day_auth_bypass_hits_web_hosting/

Next Steps

Our technical and security teams continue working around the clock to:

• Accelerate recovery efforts across remaining affected servers
• Continuously monitor for suspicious or unauthorized activity
• Ensure every restored environment meets strict security and operational standards

Ongoing Updates

We will continue posting progress updates and service advisories through the following page:

https://gomanilahost.net/clients/announcements

We sincerely appreciate your patience, understanding, and continued trust as we work through this incident with the highest commitment to security, stability, and service reliability.

Warm Regards,
GoManilaHost.Net Team

Saturday, May 2, 2026

« Back