Critical Linux Kernel Security Maintenance (CVE-2026-46333)
Investigating:
Right on the heels of the recent Fragnesia patching, a new Linux kernel ptrace exit-race vulnerability (CVE-2026-46333) has been publicly disclosed. This flaw could theoretically allow a local unprivileged user to read root-owned secrets (such as SSH host private keys or shadow password databases).
Current Status & Defense-in-Depth:
Our security posture severely limits the blast radius of this vulnerability due to our core infrastructure choices:
1. CageFS Protection Active: Because all of our shared hosting environments utilize CageFS, the targeted system binaries (/usr/bin/chage and ssh-keysign) are entirely absent from the caged filesystem view. End-users cannot reach or execute these binaries, neutralizing the known public exploit path out of the box.
2. Imunify360 Monitoring: Our active Imunify360 security layers are monitoring process behavior for any anomalous ptrace attachment attempts.
3. KernelCare Livepatches: The KernelCare team has already completed their patch analysis and the automated rebootless livepatches are currently rolling through the build and deployment pipeline.
Next Steps:
We are actively auditing all nodes and staging the deployment of the KernelCare livepatch (kcarectl --update --prefix test) as it clears validation. This security maintenance will be performed entirely in the background with zero service disruption or downtime to cPanel, LiteSpeed, or network operations.
Further updates will be posted here as the patches finish rolling out.
Identified
URGENT: Critical Linux Kernel Security Maintenance (Fragnesia) on 13 May 2026 15:13:54 (UTC-06:00)
Resolved 3hr 25min ago
Incident Update — Resolved
We have successfully completed livepatching across our entire infrastructure. All shared hosting nodes and production fleets are now 100% secured against the Fragnesia vulnerability (CVE-2026-46300).
Final Actions Taken:
KernelCare Livepatches Applied: All servers have successfully pulled and applied the latest secure kernel binaries.
Temporary Mitigations Removed: Because our kernels are natively protected, the temporary module-blocking configuration (dirtyfrag.conf) has been safely removed.
Page Caches Flushed: We have completed a final purge of the system page caches across all nodes to guarantee complete system binary integrity.
As promised, this security maintenance was completed entirely via rebootless patching, resulting in zero downtime for any of our client sites, databases, or mail services. No further action is required from our managed hosting clients.
In progress on 14 May 2026 08:40:32 (UTC-06:00)
Update
We are patching all nodes against this new Linux kernel CVE. No downtime is expected, as we use rebootless patching. We will post another update once we are finished.
Identified on 13 May 2026 15:13:54 (UTC-06:00)
Incident Description:
A new critical Linux kernel vulnerability, Fragnesia (CVE-2026-46300), has been identified. This is a Local Privilege Escalation (LPE) flaw that could allow an unprivileged user to gain root access.
Action Taken:
We are taking immediate proactive steps to secure all shared hosting nodes:
* Livepatching: We are deploying immediate fixes via KernelCare across our entire fleet to protect the kernel without requiring server reboots.
* Proactive Mitigation: We have temporarily disabled affected kernel modules (esp4/esp6; the command also blocks rxrpc) to close the vulnerability path.

```sh
# Block the modules from being loaded, then unload them if present (rmmod errors are ignored).
sudo sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"
```

* Cache Clearing: We are flushing the system page cache to ensure binary integrity.

```sh
# Drop the page cache plus dentries and inodes.
sudo sh -c "echo 3 > /proc/sys/vm/drop_caches"
```
We recommend that clients whose cPanel or shared hosting servers are not under our fully managed support do the same. Customers running on our cPanel web hosting, WHM reseller or agency hosting plans are already patched.
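The mitigation command above discards any rmmod error, so a module that was in use stays loaded even though the blocklist file exists. The check below is an added example, not part of the original notice or of CloudLinux's tooling; the function names and the constructed sample data are assumptions, while the module names and dirtyfrag.conf come from the command above.

```shell
#!/bin/sh
# Added example: audit the module-blocking mitigation from this notice.
# Path arguments default to the live system locations.
MODULES="esp4 esp6 rxrpc"   # modules named in the notice's command

# is_blocked MODULE [CONF_DIR]: true if a *.conf file maps the module's
# install command to /bin/false or /bin/true, so modprobe cannot load it.
is_blocked() {
    cat "${2:-/etc/modprobe.d}"/*.conf 2>/dev/null |
        awk -v m="$1" '$1 == "install" && $2 == m &&
            ($3 == "/bin/false" || $3 == "/bin/true") { found = 1 }
            END { exit !found }'
}

# is_loaded MODULE [MODULES_FILE]: true if the module appears in a
# /proc/modules-format listing, i.e. it is still resident in the kernel.
is_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' \
        "${2:-/proc/modules}" 2>/dev/null
}

# audit_mitigation [CONF_DIR] [MODULES_FILE]: one report line per module;
# returns 0 only if every module is both blocked and not loaded.
audit_mitigation() {
    rc=0
    for mod in $MODULES; do
        blocked=no; loaded=no
        is_blocked "$mod" "$1" && blocked=yes
        is_loaded "$mod" "$2" && loaded=yes
        echo "$mod blocked=$blocked loaded=$loaded"
        if [ "$blocked" != yes ] || [ "$loaded" != no ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed sample: blocklist written, but esp4 was never unloaded
# (the case that "rmmod ... 2>/dev/null; true" would hide).
demo() {
    d=$(mktemp -d)
    printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > "$d/dirtyfrag.conf"
    printf 'esp4 24576 0 - Live 0x0000000000000000\n' > "$d/modules"
    audit_mitigation "$d" "$d/modules" && st=0 || st=1
    rm -rf "$d"
    return "$st"
}

demo || echo "mitigation incomplete on the constructed sample"
```

Calling `audit_mitigation` with no arguments checks the live host's /etc/modprobe.d and /proc/modules.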
Impact:
There is no expected downtime for websites or email services. Standard cPanel/LiteSpeed operations remain unaffected.
Reference: Detailed technical information is available via the [CloudLinux Security Advisory](https://blog.cloudlinux.com/fragnesia-mitigation-and-kernel-update).
Security Maintenance for Client Area Dashboard on 13 May 2026 09:11:51 (UTC-06:00)
Resolved on 14 May 2026 08:41:46 (UTC-06:00)
Update
We have fully patched our client area dashboard. All systems are working normally.
Monitoring on 13 May 2026 12:32:28 (UTC-06:00)
We have updated our client area dashboard. If you have any issues please let us know.
We will continue to monitor this for some time and run a few more updates. All client area access has been restored.
Investigating on 13 May 2026 09:11:51 (UTC-06:00)
We are performing an emergency maintenance window to apply a Targeted Security Release from our billing software.
During this time you may experience downtime while we apply our emergency fixes.
We will update you as more information comes in.
URGENT: cPanel Security Patch Maintenance (May 13) on 12 May 2026 22:51:52 (UTC-06:00)
Resolved on 13 May 2026 12:30:28 (UTC-06:00)
All infrastructure nodes have been successfully updated to a verified safe version (11.134.0.26). All systems are now protected against the recently identified CVEs. No further downtime or impact is expected.
In progress on 13 May 2026 11:50:16 (UTC-06:00)
The patch has been released and we are updating all nodes now. As soon as the servers have been updated we will release another update on our status page.
Investigating on 12 May 2026 22:51:52 (UTC-06:00)
We are performing an emergency maintenance window to apply a Targeted Security Release from cPanel across all hosting nodes.
Why is this happening?
A series of high-severity vulnerabilities (including CVE-2026-29205, CVE-2026-29206, CVE-2026-32991, CVE-2026-32992, CVE-2026-32993) have been identified. To ensure the integrity of your data and server security, we are applying these patches immediately upon release.
Maintenance Window:
Date: Wednesday, May 13, 2026
Time: 11:15 AM – 12:00 PM MST (Denver, Colorado)
Expected Impact:
You may experience brief intermittent connectivity issues to the cPanel/WHM interface and mail services while the binaries are restarted. Websites and database services are expected to remain online during this time.
No action is required on your part. We appreciate your patience as we keep our infrastructure secure.
SCHEDULED MAINTENANCE: Migration from crispr to dragon (May 18) on 12 May 2026 14:53:55 (UTC-06:00)
Scheduled
We are performing a mandatory migration of all accounts on our legacy node, crispr.fah-dc3-ds.com, to our new high-performance node: dragon.fah-dc3-ds.com.
Why are we doing this?
Performance: The dragon node provides significantly more stability and power.
Security: We are phasing out older operating systems for a more secure environment.
Free Upgrade: This move includes a performance boost at no additional cost.
Maintenance Window:
Date: May 18th, 2026
Time: 1:00 AM – 7:00 AM MST (Denver, Colorado)
Impact: You may experience intermittent or full downtime during this 6-hour window as cPanels are transferred.
Action Required:
Standard Nameservers: No action is required.
Private/Custom Nameservers: You must update your IPs to 104.37.191.2 and 104.37.191.3. Please check your client area tickets for coordination with our agents.
If you wish to migrate early, please reply to our recent email or open a support ticket.
