We are aware of the recently disclosed critical authentication bypass vulnerability (CVE-2026-41940) affecting cPanel and WHM. This issue allows unauthenticated remote attackers to gain root-level access on unpatched servers.

  • Our Linux hosting platform uses cPanel.
  • We use two control panels across our infrastructure: cPanel for Linux shared, and our custom WebsitePanel for all Windows hosting and reseller hosting.
  • Windows resellers use WebsitePanel exclusively and are completely unaffected by this vulnerability.
  • As soon as the vulnerability was publicly disclosed, our team immediately applied the official patches across all affected cPanel/WHM servers.
  • All Linux shared hosting, reseller hosting, and cPanel-based VPS environments have been updated to patched versions.

All ASPnix customers are safe. No action is required on your part. Your accounts, websites, databases, and email were never at risk from this vulnerability on our platform.

We take security extremely seriously and maintain a rapid patching process for critical issues like this one. Our monitoring systems confirmed successful deployment of the fixes with zero downtime for customers.

What we recommend (good practice for any host)

Even though ASPnix servers were never vulnerable, we always encourage best practices:

  • Use strong, unique passwords
  • Enable two-factor authentication or passkeys
  • Keep your own software and CMS platforms up to date

If you have any questions or would like us to review your specific account’s security settings, feel free to open a support ticket. Our team is here to help 24/7.

Stay secure,

The ASPnix Team