URGENT: Critical Linux Kernel Security Maintenance (Fragnesia)
Incident Description:
A new critical Linux kernel vulnerability, Fragnesia (CVE-2026-46300), has been identified. This is a Local Privilege Escalation (LPE) flaw that could allow an unprivileged user to gain root access.
Action Taken:
We are taking immediate proactive steps to secure all shared hosting nodes:
Livepatching: We are deploying immediate fixes via KernelCare across our entire fleet to protect the kernel without requiring server reboots.
Proactive Mitigation: We have temporarily disabled affected kernel modules (esp4/esp6) to close the vulnerability path.
sudo sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"
* Cache Clearing: We are flushing the system page cache to ensure binary integrity.
sudo sh -c "echo 3 > /proc/sys/vm/drop_caches"
We recommend clients that have cPanel or shared hosting servers not under our fully managed support to do the same. Customers running on our cPanel web hosting, WHM reseller or agency hosting plans are already patched.
Impact:
There is no expected downtime for websites or email services. Standard cPanel/LiteSpeed operations remain unaffected.
Reference: Detailed technical information is available via the [CloudLinux Security Advisory](https://blog.cloudlinux.com/fragnesia-mitigation-and-kernel-update).
A new critical Linux kernel vulnerability, Fragnesia (CVE-2026-46300), has been identified. This is a Local Privilege Escalation (LPE) flaw that could allow an unprivileged user to gain root access.
Action Taken:
We are taking immediate proactive steps to secure all shared hosting nodes:
Livepatching: We are deploying immediate fixes via KernelCare across our entire fleet to protect the kernel without requiring server reboots.
Proactive Mitigation: We have temporarily disabled affected kernel modules (esp4/esp6) to close the vulnerability path.
sudo sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"
* Cache Clearing: We are flushing the system page cache to ensure binary integrity.
sudo sh -c "echo 3 > /proc/sys/vm/drop_caches"
We recommend clients that have cPanel or shared hosting servers not under our fully managed support to do the same. Customers running on our cPanel web hosting, WHM reseller or agency hosting plans are already patched.
Impact:
There is no expected downtime for websites or email services. Standard cPanel/LiteSpeed operations remain unaffected.
Reference: Detailed technical information is available via the [CloudLinux Security Advisory](https://blog.cloudlinux.com/fragnesia-mitigation-and-kernel-update).
Identified
Incident Description:
A new critical Linux kernel vulnerability, Fragnesia (CVE-2026-46300), has been identified. This is a Local Privilege Escalation (LPE) flaw that could allow an unprivileged user to gain root access.
Action Taken:
We are taking immediate proactive steps to secure all shared hosting nodes:
Livepatching: We are deploying immediate fixes via KernelCare across our entire fleet to protect the kernel without requiring server reboots.
Proactive Mitigation: We have temporarily disabled affected kernel modules (esp4/esp6) to close the vulnerability path.
sudo sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"
* Cache Clearing: We are flushing the system page cache to ensure binary integrity.
sudo sh -c "echo 3 > /proc/sys/vm/drop_caches"
We recommend clients that have cPanel or shared hosting servers not under our fully managed support to do the same. Customers running on our cPanel web hosting, WHM reseller or agency hosting plans are already patched.
Impact:
There is no expected downtime for websites or email services. Standard cPanel/LiteSpeed operations remain unaffected.
Reference: Detailed technical information is available via the [CloudLinux Security Advisory](https://blog.cloudlinux.com/fragnesia-mitigation-and-kernel-update).
Incident Description:
A new critical Linux kernel vulnerability, Fragnesia (CVE-2026-46300), has been identified. This is a Local Privilege Escalation (LPE) flaw that could allow an unprivileged user to gain root access.
Action Taken:
We are taking immediate proactive steps to secure all shared hosting nodes:
Livepatching: We are deploying immediate fixes via KernelCare across our entire fleet to protect the kernel without requiring server reboots.
Proactive Mitigation: We have temporarily disabled affected kernel modules (esp4/esp6) to close the vulnerability path.
sudo sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"
* Cache Clearing: We are flushing the system page cache to ensure binary integrity.
sudo sh -c "echo 3 > /proc/sys/vm/drop_caches"
We recommend clients that have cPanel or shared hosting servers not under our fully managed support to do the same. Customers running on our cPanel web hosting, WHM reseller or agency hosting plans are already patched.
Impact:
There is no expected downtime for websites or email services. Standard cPanel/LiteSpeed operations remain unaffected.
Reference: Detailed technical information is available via the [CloudLinux Security Advisory](https://blog.cloudlinux.com/fragnesia-mitigation-and-kernel-update).
Security Maintenance for Client Area Dashboard 16hr 14min ago
Monitoring 12hr 53min ago
We have updated our client area dashboard. If you have any issues please let us know.
We will continue to monitor this for some time and run a few more updates. All client area access has been restored.
We have updated our client area dashboard. If you have any issues please let us know.
We will continue to monitor this for some time and run a few more updates. All client area access has been restored.
Investigating 16hr 14min ago
We are performing an emergency maintenance window to apply a Targeted Security Release from our billing software.
During this time you may experience downtime while we apply our emergency fixes.
We will update you as more information comes in.
We are performing an emergency maintenance window to apply a Targeted Security Release from our billing software.
During this time you may experience downtime while we apply our emergency fixes.
We will update you as more information comes in.
URGENT: cPanel Security Patch Maintenance (May 13) on 12 May 2026 22:51:52 (UTC-06:00)
Resolved 12hr 55min ago
All infrastructure nodes have been successfully updated to a verified safe version (11.134.0.26). All systems are now protected against the recently identified CVEs. No further downtime or impact is expected.
All infrastructure nodes have been successfully updated to a verified safe version (11.134.0.26). All systems are now protected against the recently identified CVEs. No further downtime or impact is expected.
In progress 13hr 35min ago
The patch has been released and we are updating all nodes now. As soon as the servers have been updated we will release another update on our status page.
The patch has been released and we are updating all nodes now. As soon as the servers have been updated we will release another update on our status page.
Investigating on 12 May 2026 22:51:52 (UTC-06:00)
We are performing an emergency maintenance window to apply a Targeted Security Release from cPanel across all hosting nodes.
Why is this happening?
A series of high-severity vulnerabilities (including CVE-2026-29205, CVE-2026-29206 , CVE-2026-32991 , CVE-2026-32992 , CVE-2026-32993) have been identified. To ensure the integrity of your data and server security, we are applying these patches immediately upon release.
Maintenance Window:
Date: Wednesday, May 13, 2026
Time: 11:15 AM – 12:00 PM MST (Denver, Colorado)
Expected Impact:
You may experience brief intermittent connectivity issues to the cPanel/WHM interface and mail services while the binaries are restarted. Websites and database services are expected to remain online during this time.
No action is required on your part. We appreciate your patience as we keep our infrastructure secure.
We are performing an emergency maintenance window to apply a Targeted Security Release from cPanel across all hosting nodes.
Why is this happening?
A series of high-severity vulnerabilities (including CVE-2026-29205, CVE-2026-29206 , CVE-2026-32991 , CVE-2026-32992 , CVE-2026-32993) have been identified. To ensure the integrity of your data and server security, we are applying these patches immediately upon release.
Maintenance Window:
Date: Wednesday, May 13, 2026
Time: 11:15 AM – 12:00 PM MST (Denver, Colorado)
Expected Impact:
You may experience brief intermittent connectivity issues to the cPanel/WHM interface and mail services while the binaries are restarted. Websites and database services are expected to remain online during this time.
No action is required on your part. We appreciate your patience as we keep our infrastructure secure.
SCHEDULED MAINTENANCE: Migration from crispr to dragon (May 18) on 12 May 2026 14:53:55 (UTC-06:00)
Scheduled
We are performing a mandatory migration of all accounts on our legacy node, crispr.fah-dc3-ds.com, to our new high-performance node: dragon.fah-dc3-ds.com.
Why are we doing this?
Performance: The dragon node provides significantly more stability and power.
Security: We are phasing out older operating systems for a more secure environment.
Free Upgrade: This move includes a performance boost at no additional cost.
Maintenance Window:
Date: May 18th, 2026
Time: 1:00 AM – 7:00 AM MST (Denver, Colorado)
Impact: You may experience intermittent or full downtime during this 6-hour downtime window as cPanels are transferred.
Action Required:
Standard Nameservers: No action is required.
Private/Custom Nameservers: You must update your IPs to
If you wish to migrate early, please reply to our recent email or open a support ticket.
We are performing a mandatory migration of all accounts on our legacy node, crispr.fah-dc3-ds.com, to our new high-performance node: dragon.fah-dc3-ds.com.
Why are we doing this?
Performance: The dragon node provides significantly more stability and power.
Security: We are phasing out older operating systems for a more secure environment.
Free Upgrade: This move includes a performance boost at no additional cost.
Maintenance Window:
Date: May 18th, 2026
Time: 1:00 AM – 7:00 AM MST (Denver, Colorado)
Impact: You may experience intermittent or full downtime during this 6-hour downtime window as cPanels are transferred.
Action Required:
Standard Nameservers: No action is required.
Private/Custom Nameservers: You must update your IPs to
104.37.191.2 and 104.37.191.3. Please check your client area tickets for coordination with our agents.If you wish to migrate early, please reply to our recent email or open a support ticket.
Critical Security Advisory: Linux Kernel & cPanel Patches on 7 May 2026 23:29:42 (UTC-06:00)
Resolved on 9 May 2026 21:22:12 (UTC-06:00)
Fleet-wide security maintenance is now Complete.
Kernel Status (Dirty Frag): We have successfully applied the KernelCare livepatches across all remaining nodes. All systems are now confirmed secure against CVE-2026-43284 and CVE-2026-43500.
cPanel/WHM: Verified at safe versions across the entire infrastructure.
Fleet-wide security maintenance is now Complete.
Kernel Status (Dirty Frag): We have successfully applied the KernelCare livepatches across all remaining nodes. All systems are now confirmed secure against CVE-2026-43284 and CVE-2026-43500.
cPanel/WHM: Verified at safe versions across the entire infrastructure.
Update on 8 May 2026 10:31:33 (UTC-06:00)
UPDATE [May 08, 10:30 AM MST]:
We have successfully completed the fleet-wide deployment of the security patches for CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203.
cPanel/WHM Status: All nodes (Crispr, Hyperion, Atlas, Prometheus) are now verified at a safe version and are fully patched.
Kernel Status (Dirty Frag): Our team is still actively working on the Dirty Frag vulnerability. We are awaiting the final release of the KernelCare livepatches from CloudLinux. In the meantime, Imunify360 Active Shielding remains in place to mitigate potential exploits.
Performance: All services remain online; no downtime was required for these updates.
We will provide another update as soon as the kernel livepatches are applied.
UPDATE [May 08, 10:30 AM MST]:
We have successfully completed the fleet-wide deployment of the security patches for CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203.
cPanel/WHM Status: All nodes (Crispr, Hyperion, Atlas, Prometheus) are now verified at a safe version and are fully patched.
Kernel Status (Dirty Frag): Our team is still actively working on the Dirty Frag vulnerability. We are awaiting the final release of the KernelCare livepatches from CloudLinux. In the meantime, Imunify360 Active Shielding remains in place to mitigate potential exploits.
Performance: All services remain online; no downtime was required for these updates.
We will provide another update as soon as the kernel livepatches are applied.
Identified on 8 May 2026 01:01:25 (UTC-06:00)
UPDATE:
We are continuing to track the DirtyFrag Linux kernel vulnerability and the recent cPanel & WHM security advisories (CVE-2026-29201, 2026-29202, and 2026-2903).
Our Integrated Defense Strategy:
Because our infrastructure utilizes Imunify 360 and KernelCare, our mitigation path is more advanced than traditional hosting environments:
Active Shielding (Imunify 360): Think of this as our immediate frontline defense. Imunify 360 uses a Proactive Defense module and WAF rules that are already identifying and dropping high-risk fragmented network packets associated with DirtyFrag. This effectively stops the exploit at the "front door" before it can ever reach the kernel.
Zero-Downtime Patching (KernelCare): While the shield is up, we still require a permanent "cure" at the kernel level. As soon as vendor patches are finalized, KernelCare allows us to deploy them across all nodes without requiring a server reboot.
Automated Deployment: Once the cPanel and OS binary updates are verified, our automated systems will propagate them across the entire fleet to ensure 100% long-term compliance.
What this means for you:*
There is no action required on your part. Your websites remain online and protected by our active shielding. We are simply waiting for the final "green light" from the developers to push the permanent code fixes through our automated pipelines.
We will provide a final update once the patching cycle is complete across the entire fleet.
UPDATE:
We are continuing to track the DirtyFrag Linux kernel vulnerability and the recent cPanel & WHM security advisories (CVE-2026-29201, 2026-29202, and 2026-2903).
Our Integrated Defense Strategy:
Because our infrastructure utilizes Imunify 360 and KernelCare, our mitigation path is more advanced than traditional hosting environments:
Active Shielding (Imunify 360): Think of this as our immediate frontline defense. Imunify 360 uses a Proactive Defense module and WAF rules that are already identifying and dropping high-risk fragmented network packets associated with DirtyFrag. This effectively stops the exploit at the "front door" before it can ever reach the kernel.
Zero-Downtime Patching (KernelCare): While the shield is up, we still require a permanent "cure" at the kernel level. As soon as vendor patches are finalized, KernelCare allows us to deploy them across all nodes without requiring a server reboot.
Automated Deployment: Once the cPanel and OS binary updates are verified, our automated systems will propagate them across the entire fleet to ensure 100% long-term compliance.
What this means for you:*
There is no action required on your part. Your websites remain online and protected by our active shielding. We are simply waiting for the final "green light" from the developers to push the permanent code fixes through our automated pipelines.
We will provide a final update once the patching cycle is complete across the entire fleet.
Investigating on 7 May 2026 23:29:42 (UTC-06:00)
Web Hosting, Reseller, and Enterprise Managed Nodes
We are currently tracking and responding to a newly identified Linux kernel vulnerability known as "DirtyFrag." This flaw exists within specific network modules and could potentially allow for unauthorized memory manipulation via specially crafted network packets.
Simultaneously, our security team is addressing three newly reported vulnerabilities within the cPanel & WHM software stack: CVE-2026-29201, CVE-2026-29202, and CVE-2026-2903.
Our Action Plan:
DirtyFrag Mitigation: We are actively monitoring for the release of stable kernel patches across our supported distributions (AlmaLinux, CloudLinux). In the interim, we are adjusting firewall parameters to drop high-risk fragmented packets where applicable.
cPanel Security: Our automated patching system is being prepared to push the latest cPanel security binaries as soon as they are verified for our environment.
Zero-Downtime Goal: As always, we will utilize KernelCare and live-patching technologies to minimize or eliminate the need for server reboots during this maintenance.
Customer Impact: No immediate action is required from your side. We are handling the patching at the infrastructure level. You may notice brief service restarts for specific cPanel daemons as updates are applied.
We are committed to the integrity of your data and will provide further updates as the deployment progresses.
Web Hosting, Reseller, and Enterprise Managed Nodes
We are currently tracking and responding to a newly identified Linux kernel vulnerability known as "DirtyFrag." This flaw exists within specific network modules and could potentially allow for unauthorized memory manipulation via specially crafted network packets.
Simultaneously, our security team is addressing three newly reported vulnerabilities within the cPanel & WHM software stack: CVE-2026-29201, CVE-2026-29202, and CVE-2026-2903.
Our Action Plan:
DirtyFrag Mitigation: We are actively monitoring for the release of stable kernel patches across our supported distributions (AlmaLinux, CloudLinux). In the interim, we are adjusting firewall parameters to drop high-risk fragmented packets where applicable.
cPanel Security: Our automated patching system is being prepared to push the latest cPanel security binaries as soon as they are verified for our environment.
Zero-Downtime Goal: As always, we will utilize KernelCare and live-patching technologies to minimize or eliminate the need for server reboots during this maintenance.
Customer Impact: No immediate action is required from your side. We are handling the patching at the infrastructure level. You may notice brief service restarts for specific cPanel daemons as updates are applied.
We are committed to the integrity of your data and will provide further updates as the deployment progresses.