HN
Today

CPanel's Black Week: 3 New Vulnerabilities Patched After Attack on 44k Servers

cPanel just dropped three more high-severity vulnerabilities, including arbitrary Perl code execution and privilege escalation, days after a massive ransomware attack compromised 44,000 servers. This fresh batch of flaws underlines persistent security challenges for the widely used web hosting control panel, prompting urgent patching and a reevaluation of its foundational role across the internet. Hacker News users are debating the enduring prevalence and inherent risks of cPanel in the face of escalating threats, questioning its continued viability for countless small websites and shared hosting environments.

47
Score
26
Comments
#2
Highest Rank
18h
on Front Page
First Seen
May 9, 6:00 PM
Last Seen
May 10, 11:00 AM
Rank Over Time
233677101012141720212323263030

The Lowdown

In what's being dubbed a 'Black Week,' cPanel swiftly released a second emergency security patch within ten days, addressing three new high-severity vulnerabilities. This follows closely on the heels of a massive ransomware attack that exploited a separate critical authentication bypass (CVE-2026-41940) to compromise at least 44,000 web hosting servers.

  • Context: The current disclosures represent cPanel's second Technical Security Release (TSR) in a very short period, signaling an intense remediation effort triggered by the earlier, widespread ransomware incident. This suggests a deeper code audit revealed these additional problems.
  • New Vulnerabilities: The latest patch fixes CVE-2026-29201 (Arbitrary File Read, CVSS 4.3), CVE-2026-29202 (Arbitrary Perl Code Execution, CVSS 8.8), and CVE-2026-29203 (Privilege Escalation via Unsafe Symlink, CVSS 8.8). The Perl code execution and privilege escalation flaws are particularly dangerous, potentially allowing authenticated users to impact entire shared servers.
  • Ransomware Attack: The prior incident saw attackers leveraging a zero-day authentication bypass (CVE-2026-41940, CVSS 9.8) for months before a fix, deploying 'Sorry' ransomware on compromised machines.
  • Broader Implications: This incident highlights a growing trend where vulnerabilities are discovered and exploited rapidly, often exacerbated by advancements like AI-assisted security research. The article emphasizes that continuous patching, thorough verification, and proactive log review are no longer optional for cPanel operators.
  • Action Required: Users are strongly advised to apply the patch immediately using /scripts/upcp, restart cpsrvd, verify the updated version, and conduct forensic checks for any signs of the previous compromise, such as auditing access logs and scanning for .sorry files.

cPanel's rapid-fire security updates underscore the critical vulnerabilities inherent in widely deployed legacy systems and the accelerating pace of cyber threats. For those managing cPanel servers, this 'Black Week' serves as a stark reminder of the non-negotiable imperative for rigorous, ongoing security hygiene.

The Gossip

The CPanel Conundrum: Pervasiveness vs. Peril

Many commenters expressed surprise and even disbelief that cPanel remains so widely used in modern web hosting. While some questioned its continued relevance, others pointed out its enduring dominance in shared hosting, supporting a vast number of small websites and explaining that for many, the return on investment for migrating away simply hasn't been compelling enough—until now. This led to a discussion about how cPanel's widespread adoption by less technically savvy users creates a large attack surface, clashing with its frequent security vulnerabilities.

Architectural Anxieties: GUI Wrappers and Legacy Code

The discussion delved into the fundamental security implications of cPanel's architecture, particularly its role as a GUI wrapper atop the Linux ecosystem. Critics argued this design inherently encourages users to bypass learning essential system administration skills, obscuring critical information and leading to poor security practices. While some disputed the blanket statement that 'old' code is inherently insecure, the consensus leaned towards acknowledging that many legacy web panels, especially cPanel's Perl-based core, present significant security challenges due to their age, complexity, and the ease with which vulnerabilities can be chained.

The Shifting Sands of Hosting Security

Commenters explored the broader implications of these vulnerabilities for the web hosting industry. There was speculation on whether this recent spate of critical flaws would finally push shared hosting users towards more robust, modern solutions like Virtual Private Servers (VPS) or cloud platforms. Participants recognized that the 'ROI' for staying on potentially insecure legacy systems has dramatically shifted, yet also acknowledged that many non-technical users of cPanel-based hosting might remain unaware of these severe security incidents, even as their service providers may simply be layering a fancier UI over an underlying cPanel installation.