Critical Security Advisory: Linux Kernel & cPanel Patches 23hr 43min ago
Update 12hr 42min ago
UPDATE [May 08, 10:30 AM MST]:
We have successfully completed the fleet-wide deployment of the security patches for CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203.
cPanel/WHM Status: All nodes (Crispr, Hyperion, Atlas, Prometheus) are now verified at a safe version and are fully patched.
Kernel Status (Dirty Frag): Our team is still actively working on the Dirty Frag vulnerability. We are awaiting the final release of the KernelCare livepatches from CloudLinux. In the meantime, Imunify360 Active Shielding remains in place to mitigate potential exploits.
Performance: All services remain online; no downtime was required for these updates.
We will provide another update as soon as the kernel livepatches are applied.
UPDATE [May 08, 10:30 AM MST]:
We have successfully completed the fleet-wide deployment of the security patches for CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203.
cPanel/WHM Status: All nodes (Crispr, Hyperion, Atlas, Prometheus) are now verified at a safe version and are fully patched.
Kernel Status (Dirty Frag): Our team is still actively working on the Dirty Frag vulnerability. We are awaiting the final release of the KernelCare livepatches from CloudLinux. In the meantime, Imunify360 Active Shielding remains in place to mitigate potential exploits.
Performance: All services remain online; no downtime was required for these updates.
We will provide another update as soon as the kernel livepatches are applied.
Identified 22hr 12min ago
UPDATE:
We are continuing to track the DirtyFrag Linux kernel vulnerability and the recent cPanel & WHM security advisories (CVE-2026-29201, 2026-29202, and 2026-2903).
Our Integrated Defense Strategy:
Because our infrastructure utilizes Imunify 360 and KernelCare, our mitigation path is more advanced than traditional hosting environments:
Active Shielding (Imunify 360): Think of this as our immediate frontline defense. Imunify 360 uses a Proactive Defense module and WAF rules that are already identifying and dropping high-risk fragmented network packets associated with DirtyFrag. This effectively stops the exploit at the "front door" before it can ever reach the kernel.
Zero-Downtime Patching (KernelCare): While the shield is up, we still require a permanent "cure" at the kernel level. As soon as vendor patches are finalized, KernelCare allows us to deploy them across all nodes without requiring a server reboot.
Automated Deployment: Once the cPanel and OS binary updates are verified, our automated systems will propagate them across the entire fleet to ensure 100% long-term compliance.
What this means for you:*
There is no action required on your part. Your websites remain online and protected by our active shielding. We are simply waiting for the final "green light" from the developers to push the permanent code fixes through our automated pipelines.
We will provide a final update once the patching cycle is complete across the entire fleet.
UPDATE:
We are continuing to track the DirtyFrag Linux kernel vulnerability and the recent cPanel & WHM security advisories (CVE-2026-29201, 2026-29202, and 2026-2903).
Our Integrated Defense Strategy:
Because our infrastructure utilizes Imunify 360 and KernelCare, our mitigation path is more advanced than traditional hosting environments:
Active Shielding (Imunify 360): Think of this as our immediate frontline defense. Imunify 360 uses a Proactive Defense module and WAF rules that are already identifying and dropping high-risk fragmented network packets associated with DirtyFrag. This effectively stops the exploit at the "front door" before it can ever reach the kernel.
Zero-Downtime Patching (KernelCare): While the shield is up, we still require a permanent "cure" at the kernel level. As soon as vendor patches are finalized, KernelCare allows us to deploy them across all nodes without requiring a server reboot.
Automated Deployment: Once the cPanel and OS binary updates are verified, our automated systems will propagate them across the entire fleet to ensure 100% long-term compliance.
What this means for you:*
There is no action required on your part. Your websites remain online and protected by our active shielding. We are simply waiting for the final "green light" from the developers to push the permanent code fixes through our automated pipelines.
We will provide a final update once the patching cycle is complete across the entire fleet.
Investigating 23hr 43min ago
Web Hosting, Reseller, and Enterprise Managed Nodes
We are currently tracking and responding to a newly identified Linux kernel vulnerability known as "DirtyFrag." This flaw exists within specific network modules and could potentially allow for unauthorized memory manipulation via specially crafted network packets.
Simultaneously, our security team is addressing three newly reported vulnerabilities within the cPanel & WHM software stack: CVE-2026-29201, CVE-2026-29202, and CVE-2026-2903.
Our Action Plan:
DirtyFrag Mitigation: We are actively monitoring for the release of stable kernel patches across our supported distributions (AlmaLinux, CloudLinux). In the interim, we are adjusting firewall parameters to drop high-risk fragmented packets where applicable.
cPanel Security: Our automated patching system is being prepared to push the latest cPanel security binaries as soon as they are verified for our environment.
Zero-Downtime Goal: As always, we will utilize KernelCare and live-patching technologies to minimize or eliminate the need for server reboots during this maintenance.
Customer Impact: No immediate action is required from your side. We are handling the patching at the infrastructure level. You may notice brief service restarts for specific cPanel daemons as updates are applied.
We are committed to the integrity of your data and will provide further updates as the deployment progresses.
Web Hosting, Reseller, and Enterprise Managed Nodes
We are currently tracking and responding to a newly identified Linux kernel vulnerability known as "DirtyFrag." This flaw exists within specific network modules and could potentially allow for unauthorized memory manipulation via specially crafted network packets.
Simultaneously, our security team is addressing three newly reported vulnerabilities within the cPanel & WHM software stack: CVE-2026-29201, CVE-2026-29202, and CVE-2026-2903.
Our Action Plan:
DirtyFrag Mitigation: We are actively monitoring for the release of stable kernel patches across our supported distributions (AlmaLinux, CloudLinux). In the interim, we are adjusting firewall parameters to drop high-risk fragmented packets where applicable.
cPanel Security: Our automated patching system is being prepared to push the latest cPanel security binaries as soon as they are verified for our environment.
Zero-Downtime Goal: As always, we will utilize KernelCare and live-patching technologies to minimize or eliminate the need for server reboots during this maintenance.
Customer Impact: No immediate action is required from your side. We are handling the patching at the infrastructure level. You may notice brief service restarts for specific cPanel daemons as updates are applied.
We are committed to the integrity of your data and will provide further updates as the deployment progresses.