cPanel has released its Targeted Security Release to address security concerns with the cPanel & WHM product. These updates are currently available to all customers via the standard update system.
cPanel has rated this update as having a CVSSv3.1 score of 3.9 to 5.3. For more information on ratings, please visit our documentation.
Is there any action required?
If you have disabled cPanel & WHM automatic updates, please update your cPanel & WHM installations at your earliest convenience.
If you have configured cPanel & WHM servers to automatically update, no action is required. Your servers will automatically update.
To avoid service interruptions, please ensure you are on one of the following secure versions:
- 94.0.16 or greater
- 98.0.8 or greater
There is no reason to believe that these vulnerabilities have been made known to the public. cPanel will release additional information tomorrow regarding the nature of the security issue via the cPanel Newsroom.
For the latest information on cPanel & WHM releases, please visit our cPanel Downloads page.
For more information on the cPanel & WHM Versions and Release Process, please refer to our documentation.
For the PGP-Signed message please see TSR-2021-0005.announcement.signed.