URGENT: cPanel Security Patch Maintenance (May 13)

We are performing an emergency maintenance window to apply a Targeted Security Release from cPanel across all hosting nodes.

Why is this happening?
A series of high-severity vulnerabilities (including CVE-2026-29205, CVE-2026-29206, CVE-2026-32991, CVE-2026-32992, CVE-2026-32993) have been identified. To ensure the integrity of your data and server security, we are applying these patches immediately upon release.

Maintenance Window:

Date: Wednesday, May 13, 2026
Time: 11:15 AM – 12:00 PM MST (Denver, Colorado)

Expected Impact:
You may experience brief intermittent connectivity issues to the cPanel/WHM interface and mail services while the binaries are restarted. Websites and database services are expected to remain online during this time.

No action is required on your part. We appreciate your patience as we keep our infrastructure secure.
Investigating
Scheduled
We are performing a mandatory migration of all accounts on our legacy node, crispr.fah-dc3-ds.com, to our new high-performance node: dragon.fah-dc3-ds.com.

Why are we doing this?
Performance: The dragon node provides significantly more stability and power.
Security: We are phasing out older operating systems for a more secure environment.
Free Upgrade: This move includes a performance boost at no additional cost.

Maintenance Window:
Date: May 18th, 2026
Time: 1:00 AM – 7:00 AM MST (Denver, Colorado)
Impact: You may experience intermittent or full downtime during this 6-hour window as cPanel accounts are transferred.

Action Required:
Standard Nameservers: No action is required.
Private/Custom Nameservers: You must update your IPs to 104.37.191.2 and 104.37.191.3. Please check your client area tickets for coordination with our agents.

If you wish to migrate early, please reply to our recent email or open a support ticket.
Resolved on 9 May 2026 21:22:12 (UTC-06:00)
Fleet-wide security maintenance is now complete.

Kernel Status (Dirty Frag): We have successfully applied the KernelCare livepatches across all remaining nodes. All systems are now confirmed secure against CVE-2026-43284 and CVE-2026-43500.

cPanel/WHM: Verified at safe versions across the entire infrastructure.
Update on 8 May 2026 10:31:33 (UTC-06:00)
UPDATE [May 08, 10:30 AM MST]:
We have successfully completed the fleet-wide deployment of the security patches for CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203.

cPanel/WHM Status: All nodes (Crispr, Hyperion, Atlas, Prometheus) are now verified at a safe version and are fully patched.

Kernel Status (Dirty Frag): Our team is still actively working on the Dirty Frag vulnerability. We are awaiting the final release of the KernelCare livepatches from CloudLinux. In the meantime, Imunify360 Active Shielding remains in place to mitigate potential exploits.

Performance: All services remain online; no downtime was required for these updates.

We will provide another update as soon as the kernel livepatches are applied.
Identified on 8 May 2026 01:01:25 (UTC-06:00)
UPDATE:

We are continuing to track the DirtyFrag Linux kernel vulnerability and the recent cPanel & WHM security advisories (CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203).

Our Integrated Defense Strategy:
Because our infrastructure utilizes Imunify360 and KernelCare, our mitigation path is more advanced than traditional hosting environments:

Active Shielding (Imunify360): Think of this as our immediate frontline defense. Imunify360 uses a Proactive Defense module and WAF rules that are already identifying and dropping high-risk fragmented network packets associated with DirtyFrag. This effectively stops the exploit at the "front door" before it can ever reach the kernel.

Zero-Downtime Patching (KernelCare): While the shield is up, we still require a permanent "cure" at the kernel level. As soon as vendor patches are finalized, KernelCare allows us to deploy them across all nodes without requiring a server reboot.

Automated Deployment: Once the cPanel and OS binary updates are verified, our automated systems will propagate them across the entire fleet to ensure 100% long-term compliance.

What this means for you:
There is no action required on your part. Your websites remain online and protected by our active shielding. We are simply waiting for the final "green light" from the developers to push the permanent code fixes through our automated pipelines.

We will provide a final update once the patching cycle is complete across the entire fleet.
Investigating on 7 May 2026 23:29:42 (UTC-06:00)
Web Hosting, Reseller, and Enterprise Managed Nodes

We are currently tracking and responding to a newly identified Linux kernel vulnerability known as "DirtyFrag." This flaw exists within specific network modules and could potentially allow for unauthorized memory manipulation via specially crafted network packets.

Simultaneously, our security team is addressing three newly reported vulnerabilities within the cPanel & WHM software stack: CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203.

Our Action Plan:
DirtyFrag Mitigation: We are actively monitoring for the release of stable kernel patches across our supported distributions (AlmaLinux, CloudLinux). In the interim, we are adjusting firewall parameters to drop high-risk fragmented packets where applicable.

cPanel Security: Our automated patching system is being prepared to push the latest cPanel security binaries as soon as they are verified for our environment.

Zero-Downtime Goal: As always, we will utilize KernelCare and live-patching technologies to minimize or eliminate the need for server reboots during this maintenance.

Customer Impact: No immediate action is required from your side. We are handling the patching at the infrastructure level. You may notice brief service restarts for specific cPanel daemons as updates are applied.

We are committed to the integrity of your data and will provide further updates as the deployment progresses.
Resolved on 7 May 2026 23:05:12 (UTC-06:00)
RESOLVED: Monitoring has been completed, and Node 01: Crispr is confirmed to be stable and in good health. Performance metrics have remained within normal ranges, and all services are fully operational. We appreciate your patience while we worked to resolve this load spike.
Monitoring on 7 May 2026 18:52:20 (UTC-06:00)
UPDATE: The server load on Node 01: Crispr has stabilized and returned to normal operating parameters. We have successfully mitigated the source of the high CPU usage and will continue to monitor the node closely to ensure sustained performance. All services are currently fully operational.
In progress on 7 May 2026 18:43:06 (UTC-06:00)
UPDATE:

We have identified a specific account on the Node 01: Crispr server causing excessive resource usage. We have implemented temporary resource throttling for the affected account to restore stability to the rest of the node. Load averages are currently returning to normal levels, and we are monitoring the situation closely.
Identified on 7 May 2026 18:39:07 (UTC-06:00)
We have detected an unusual spike in CPU load on the Node 01: Crispr server. Our technical team is actively investigating the cause and working to stabilize performance. You may experience intermittent slowness while this is being addressed.

We will provide further updates as the situation evolves.
Temporary Suspension of Shell Access to all customers on 30 Apr 2026 18:49:59 (UTC-06:00)
Resolved on 1 May 2026 20:55:36 (UTC-06:00)
We have successfully applied and verified the security patches for CVE-2026-31431 across all hosting nodes.

Access Update: Standard SSH and shell-based access have been fully re-enabled for all users.

All services remained operational during this window, and no reboots were required. We have confirmed that all kernels are now 100% secure against the "Copy Fail" vulnerability. Thank you for your patience while we prioritized this critical maintenance.
Identified on 30 Apr 2026 18:49:59 (UTC-06:00)
We have temporarily disabled all SSH and shell-based access across our hosting nodes as a precautionary measure in response to a recently identified critical Linux kernel security vulnerability.

At this time:

All website, email, and hosting services remain fully operational
Only SSH and shell access are affected

This action has been taken out of an abundance of caution to further reduce any potential risk while upstream patches are being finalized and fully verified.

Our team is actively monitoring the situation and will restore shell access once we have confirmed that all systems are fully secured.

We will continue to provide updates as new information becomes available.

Thank you for your understanding.