Critical Security Advisory: Linux Kernel & cPanel Patches
UPDATE [May 08, 10:30 AM MST]:
We have successfully completed the fleet-wide deployment of the security patches for CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203.
cPanel/WHM Status: All nodes (Crispr, Hyperion, Atlas, Prometheus) are now verified at a safe version and are fully patched.
Kernel Status (Dirty Frag): Our team is still actively working on the Dirty Frag vulnerability. We are awaiting the final release of the KernelCare livepatches from CloudLinux. In the meantime, Imunify360 Active Shielding remains in place to mitigate potential exploits.
Performance: All services remain online; no downtime was required for these updates.
We will provide another update as soon as the kernel livepatches are applied.
We have successfully completed the fleet-wide deployment of the security patches for CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203.
cPanel/WHM Status: All nodes (Crispr, Hyperion, Atlas, Prometheus) are now verified at a safe version and are fully patched.
Kernel Status (Dirty Frag): Our team is still actively working on the Dirty Frag vulnerability. We are awaiting the final release of the KernelCare livepatches from CloudLinux. In the meantime, Imunify360 Active Shielding remains in place to mitigate potential exploits.
Performance: All services remain online; no downtime was required for these updates.
We will provide another update as soon as the kernel livepatches are applied.
Critical Security Advisory: Linux Kernel & cPanel Patches 22hr 39min ago
Update 11hr 38min ago
UPDATE [May 08, 10:30 AM MST]:
We have successfully completed the fleet-wide deployment of the security patches for CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203.
cPanel/WHM Status: All nodes (Crispr, Hyperion, Atlas, Prometheus) are now verified at a safe version and are fully patched.
Kernel Status (Dirty Frag): Our team is still actively working on the Dirty Frag vulnerability. We are awaiting the final release of the KernelCare livepatches from CloudLinux. In the meantime, Imunify360 Active Shielding remains in place to mitigate potential exploits.
Performance: All services remain online; no downtime was required for these updates.
We will provide another update as soon as the kernel livepatches are applied.
UPDATE [May 08, 10:30 AM MST]:
We have successfully completed the fleet-wide deployment of the security patches for CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203.
cPanel/WHM Status: All nodes (Crispr, Hyperion, Atlas, Prometheus) are now verified at a safe version and are fully patched.
Kernel Status (Dirty Frag): Our team is still actively working on the Dirty Frag vulnerability. We are awaiting the final release of the KernelCare livepatches from CloudLinux. In the meantime, Imunify360 Active Shielding remains in place to mitigate potential exploits.
Performance: All services remain online; no downtime was required for these updates.
We will provide another update as soon as the kernel livepatches are applied.
Identified 21hr 8min ago
UPDATE:
We are continuing to track the DirtyFrag Linux kernel vulnerability and the recent cPanel & WHM security advisories (CVE-2026-29201, 2026-29202, and 2026-2903).
Our Integrated Defense Strategy:
Because our infrastructure utilizes Imunify 360 and KernelCare, our mitigation path is more advanced than traditional hosting environments:
Active Shielding (Imunify 360): Think of this as our immediate frontline defense. Imunify 360 uses a Proactive Defense module and WAF rules that are already identifying and dropping high-risk fragmented network packets associated with DirtyFrag. This effectively stops the exploit at the "front door" before it can ever reach the kernel.
Zero-Downtime Patching (KernelCare): While the shield is up, we still require a permanent "cure" at the kernel level. As soon as vendor patches are finalized, KernelCare allows us to deploy them across all nodes without requiring a server reboot.
Automated Deployment: Once the cPanel and OS binary updates are verified, our automated systems will propagate them across the entire fleet to ensure 100% long-term compliance.
What this means for you:*
There is no action required on your part. Your websites remain online and protected by our active shielding. We are simply waiting for the final "green light" from the developers to push the permanent code fixes through our automated pipelines.
We will provide a final update once the patching cycle is complete across the entire fleet.
UPDATE:
We are continuing to track the DirtyFrag Linux kernel vulnerability and the recent cPanel & WHM security advisories (CVE-2026-29201, 2026-29202, and 2026-2903).
Our Integrated Defense Strategy:
Because our infrastructure utilizes Imunify 360 and KernelCare, our mitigation path is more advanced than traditional hosting environments:
Active Shielding (Imunify 360): Think of this as our immediate frontline defense. Imunify 360 uses a Proactive Defense module and WAF rules that are already identifying and dropping high-risk fragmented network packets associated with DirtyFrag. This effectively stops the exploit at the "front door" before it can ever reach the kernel.
Zero-Downtime Patching (KernelCare): While the shield is up, we still require a permanent "cure" at the kernel level. As soon as vendor patches are finalized, KernelCare allows us to deploy them across all nodes without requiring a server reboot.
Automated Deployment: Once the cPanel and OS binary updates are verified, our automated systems will propagate them across the entire fleet to ensure 100% long-term compliance.
What this means for you:*
There is no action required on your part. Your websites remain online and protected by our active shielding. We are simply waiting for the final "green light" from the developers to push the permanent code fixes through our automated pipelines.
We will provide a final update once the patching cycle is complete across the entire fleet.
Investigating 22hr 39min ago
Web Hosting, Reseller, and Enterprise Managed Nodes
We are currently tracking and responding to a newly identified Linux kernel vulnerability known as "DirtyFrag." This flaw exists within specific network modules and could potentially allow for unauthorized memory manipulation via specially crafted network packets.
Simultaneously, our security team is addressing three newly reported vulnerabilities within the cPanel & WHM software stack: CVE-2026-29201, CVE-2026-29202, and CVE-2026-2903.
Our Action Plan:
DirtyFrag Mitigation: We are actively monitoring for the release of stable kernel patches across our supported distributions (AlmaLinux, CloudLinux). In the interim, we are adjusting firewall parameters to drop high-risk fragmented packets where applicable.
cPanel Security: Our automated patching system is being prepared to push the latest cPanel security binaries as soon as they are verified for our environment.
Zero-Downtime Goal: As always, we will utilize KernelCare and live-patching technologies to minimize or eliminate the need for server reboots during this maintenance.
Customer Impact: No immediate action is required from your side. We are handling the patching at the infrastructure level. You may notice brief service restarts for specific cPanel daemons as updates are applied.
We are committed to the integrity of your data and will provide further updates as the deployment progresses.
Web Hosting, Reseller, and Enterprise Managed Nodes
We are currently tracking and responding to a newly identified Linux kernel vulnerability known as "DirtyFrag." This flaw exists within specific network modules and could potentially allow for unauthorized memory manipulation via specially crafted network packets.
Simultaneously, our security team is addressing three newly reported vulnerabilities within the cPanel & WHM software stack: CVE-2026-29201, CVE-2026-29202, and CVE-2026-2903.
Our Action Plan:
DirtyFrag Mitigation: We are actively monitoring for the release of stable kernel patches across our supported distributions (AlmaLinux, CloudLinux). In the interim, we are adjusting firewall parameters to drop high-risk fragmented packets where applicable.
cPanel Security: Our automated patching system is being prepared to push the latest cPanel security binaries as soon as they are verified for our environment.
Zero-Downtime Goal: As always, we will utilize KernelCare and live-patching technologies to minimize or eliminate the need for server reboots during this maintenance.
Customer Impact: No immediate action is required from your side. We are handling the patching at the infrastructure level. You may notice brief service restarts for specific cPanel daemons as updates are applied.
We are committed to the integrity of your data and will provide further updates as the deployment progresses.
Performance Alert: Increased CPU Load Detected on crispr.fah-dc3-ds.com on 7 May 2026 18:39:07 (UTC-06:00)
Resolved 23hr 4min ago
RESOLVED: Monitoring has been completed, and Node 01: Crispr is confirmed to be stable and in good health. Performance metrics have remained within normal ranges, and all services are fully operational. We appreciate your patience while we worked to resolve this load spike.
RESOLVED: Monitoring has been completed, and Node 01: Crispr is confirmed to be stable and in good health. Performance metrics have remained within normal ranges, and all services are fully operational. We appreciate your patience while we worked to resolve this load spike.
Monitoring on 7 May 2026 18:52:20 (UTC-06:00)
UPDATE: The server load on Node 01: Crispr has stabilized and returned to normal operating parameters. We have successfully mitigated the source of the high CPU usage and will continue to monitor the node closely to ensure sustained performance. All services are currently fully operational.
UPDATE: The server load on Node 01: Crispr has stabilized and returned to normal operating parameters. We have successfully mitigated the source of the high CPU usage and will continue to monitor the node closely to ensure sustained performance. All services are currently fully operational.
In progress on 7 May 2026 18:43:06 (UTC-06:00)
UPDATE:
We have identified a specific account on the Node 01: Crispr server causing excessive resource usage. We have implemented temporary resource throttling for the affected account to restore stability to the rest of the node. Load averages are currently returning to normal levels, and we are monitoring the situation closely.
UPDATE:
We have identified a specific account on the Node 01: Crispr server causing excessive resource usage. We have implemented temporary resource throttling for the affected account to restore stability to the rest of the node. Load averages are currently returning to normal levels, and we are monitoring the situation closely.
Identified on 7 May 2026 18:39:07 (UTC-06:00)
We have detected an unusual spike in CPU load on the Node 01: Crispr server. Our technical team is actively investigating the cause and working to stabilize performance. You may experience intermittent slowness while this is being addressed.
We will provide further updates as the situation evolves.
We have detected an unusual spike in CPU load on the Node 01: Crispr server. Our technical team is actively investigating the cause and working to stabilize performance. You may experience intermittent slowness while this is being addressed.
We will provide further updates as the situation evolves.
Temporary Suspension of Shell Access to all customers on 30 Apr 2026 18:49:59 (UTC-06:00)
Resolved on 1 May 2026 20:55:36 (UTC-06:00)
We have successfully applied and verified the security patches for CVE-2026-31431 across all hosting nodes.
Access Update: Standard SSH and shell-based access have been fully re-enabled for all users.
All services remained operational during this window, and no reboots were required. We have confirmed that all kernels are now 100% secure against the "Copy Fail" vulnerability. Thank you for your patience while we prioritized this critical maintenance.
We have successfully applied and verified the security patches for CVE-2026-31431 across all hosting nodes.
Access Update: Standard SSH and shell-based access have been fully re-enabled for all users.
All services remained operational during this window, and no reboots were required. We have confirmed that all kernels are now 100% secure against the "Copy Fail" vulnerability. Thank you for your patience while we prioritized this critical maintenance.
Identified on 30 Apr 2026 18:49:59 (UTC-06:00)
We have temporarily disabled all SSH and shell-based access across our hosting nodes as a precautionary measure in response to a recently identified critical Linux kernel security vulnerability.
At this time:
All website, email, and hosting services remain fully operational
Only SSH and shell access are affected
This action has been taken out of an abundance of caution to further reduce any potential risk while upstream patches are being finalized and fully verified.
Our team is actively monitoring the situation and will restore shell access once we have confirmed that all systems are fully secured.
We will continue to provide updates as new information becomes available.
Thank you for your understanding.
We have temporarily disabled all SSH and shell-based access across our hosting nodes as a precautionary measure in response to a recently identified critical Linux kernel security vulnerability.
At this time:
All website, email, and hosting services remain fully operational
Only SSH and shell access are affected
This action has been taken out of an abundance of caution to further reduce any potential risk while upstream patches are being finalized and fully verified.
Our team is actively monitoring the situation and will restore shell access once we have confirmed that all systems are fully secured.
We will continue to provide updates as new information becomes available.
Thank you for your understanding.
Emergency Security Maintenance on 30 Apr 2026 14:08:21 (UTC-06:00)
Resolved on 30 Apr 2026 18:48:53 (UTC-06:00)
Update:
Core systems are fully operational.
Update:
Core systems are fully operational.
Update on 30 Apr 2026 17:14:14 (UTC-06:00)
Update:
Fusionarchosting.com and the client area have been restored.
Update:
Fusionarchosting.com and the client area have been restored.
Update on 30 Apr 2026 16:03:42 (UTC-06:00)
Update:
We are aware of the main Fusionarchosting.com website being down. In the meantime if you need assistance please contact us at this link for live chat:
https://tawk.to/chat/6035325c918aa2612741e81e/1hvns0t0j
Update:
We are aware of the main Fusionarchosting.com website being down. In the meantime if you need assistance please contact us at this link for live chat:
https://tawk.to/chat/6035325c918aa2612741e81e/1hvns0t0j
Identified on 30 Apr 2026 14:08:21 (UTC-06:00)
We are applying proactive kernel-level security updates across all hosting nodes.
Short service interruptions may occur during this window.
We are applying proactive kernel-level security updates across all hosting nodes.
Short service interruptions may occur during this window.
cPanel Access Issues on cPanel, WHM, and Webmail Panels on 28 Apr 2026 17:54:38 (UTC-06:00)
Update on 30 Apr 2026 12:19:13 (UTC-06:00)
Update
Network upstream partners have unblocked the ports. All nodes are online.
Update
Network upstream partners have unblocked the ports. All nodes are online.
Update on 29 Apr 2026 07:28:44 (UTC-06:00)
Update
While we await our upstream network partners to lift the global port restrictions, we have implemented a custom access patch for our customers under the crispr server. You can now access your management panels via the following secure URLs, which bypass the currently blocked ports:
cPanel:
https://cpanel.crispr.fah-dc3-ds.com/
Webmail:
https://webmail.crispr.fah-dc3-ds.com/
WHM:
https://whm.crispr.fah-dc3-ds.com/
We are continuing to monitor the situation with our network partners and will restore standard access as soon as the port blocks are released. If you encounter any issues with these links, please reach out to our support team.
Update
While we await our upstream network partners to lift the global port restrictions, we have implemented a custom access patch for our customers under the crispr server. You can now access your management panels via the following secure URLs, which bypass the currently blocked ports:
cPanel:
https://cpanel.crispr.fah-dc3-ds.com/
Webmail:
https://webmail.crispr.fah-dc3-ds.com/
WHM:
https://whm.crispr.fah-dc3-ds.com/
We are continuing to monitor the situation with our network partners and will restore standard access as soon as the port blocks are released. If you encounter any issues with these links, please reach out to our support team.
Update on 28 Apr 2026 18:35:05 (UTC-06:00)
Update
We have successfully completed emergency patching across our entire infrastructure. All Fusion Arc Hosting nodes are now running the secured version of cPanel/WHM (134.0.20 or above).
Access Restoration:
Restored: Full access to cPanel, WHM, and Webmail has been restored for the majority of our network.
Pending [Crispr.fah-dc3-ds.com]: While the Crispr node itself is fully patched and secure, our Data Center partner is still maintaining a network-level block on this specific segment and server rack.
What this means for Crispr clients:
You will continue to see "Connection Timed Out" errors when trying to reach ports 2083 (cPanel), 2087 (WHM), and 2096 (Webmail). We are in active communication with the partner NOC to have this final block removed as soon as possible.
Important: All websites, databases, and standard email services on the Crispr node remain fully operational and online.
We will provide the final "All Clear" once the data center and network partner releases the port blocks for this remaining node.
Update
We have successfully completed emergency patching across our entire infrastructure. All Fusion Arc Hosting nodes are now running the secured version of cPanel/WHM (134.0.20 or above).
Access Restoration:
Restored: Full access to cPanel, WHM, and Webmail has been restored for the majority of our network.
Pending [Crispr.fah-dc3-ds.com]: While the Crispr node itself is fully patched and secure, our Data Center partner is still maintaining a network-level block on this specific segment and server rack.
What this means for Crispr clients:
You will continue to see "Connection Timed Out" errors when trying to reach ports 2083 (cPanel), 2087 (WHM), and 2096 (Webmail). We are in active communication with the partner NOC to have this final block removed as soon as possible.
Important: All websites, databases, and standard email services on the Crispr node remain fully operational and online.
We will provide the final "All Clear" once the data center and network partner releases the port blocks for this remaining node.
Identified on 28 Apr 2026 17:54:38 (UTC-06:00)
We are currently responding to a critical authentication vulnerability affecting all versions of cPanel & WHM. This is a high-priority security event, and our team is taking immediate action to secure our infrastructure.
Our Response
Emergency Patching: We have initiated a fleet-wide update across all Fusion Arc nodes.
Proactive Mitigation: All remaining nodes are being patched as an immediate priority.
Access Restrictions
To ensure total environment safety, our NOC team has implemented temporary network-level blocks on all cPanel-related ports to prevent unauthorized exploit attempts.
Affected Ports: 2083 (cPanel), 2087 (WHM), 2096 (Webmail).
Access: Control panels and Webmail will remain inaccessible via web browsers until these blocks are lifted by our NOC.
Service Impact
Websites: ONLINE. No impact to live websites, applications, or databases.
Email: ACTIVE. Mail delivery is functioning normally. Please use local mail clients (Outlook, Apple Mail, mobile devices) to access your mail, as Webmail is temporarily restricted.
Next Steps
We are monitoring the patching progress closely. Full access will be restored the moment the network-wide blocks are lifted and all environments are confirmed secure.
We are currently responding to a critical authentication vulnerability affecting all versions of cPanel & WHM. This is a high-priority security event, and our team is taking immediate action to secure our infrastructure.
Our Response
Emergency Patching: We have initiated a fleet-wide update across all Fusion Arc nodes.
Proactive Mitigation: All remaining nodes are being patched as an immediate priority.
Access Restrictions
To ensure total environment safety, our NOC team has implemented temporary network-level blocks on all cPanel-related ports to prevent unauthorized exploit attempts.
Affected Ports: 2083 (cPanel), 2087 (WHM), 2096 (Webmail).
Access: Control panels and Webmail will remain inaccessible via web browsers until these blocks are lifted by our NOC.
Service Impact
Websites: ONLINE. No impact to live websites, applications, or databases.
Email: ACTIVE. Mail delivery is functioning normally. Please use local mail clients (Outlook, Apple Mail, mobile devices) to access your mail, as Webmail is temporarily restricted.
Next Steps
We are monitoring the patching progress closely. Full access will be restored the moment the network-wide blocks are lifted and all environments are confirmed secure.