Critical Linux Kernel Security Maintenance (CVE-2026-46333) 4hr 8min ago
Identified
Investigating:
Right on the heels of the recent Fragnesia patching, a new Linux kernel ptrace exit-race vulnerability (CVE-2026-46333) has been publicly disclosed. This flaw could theoretically allow a local unprivileged user to read root-owned secrets (such as SSH host private keys or shadow password databases).
Current Status & Defense-in-Depth:
Our security posture severely limits the blast radius of this vulnerability due to our core infrastructure choices:
1. CageFS Protection Active: Because all of our shared hosting environments utilize CageFS, the targeted system binaries (/usr/bin/chage and ssh-keysign) are entirely absent from the caged filesystem view. End-users cannot reach or execute these binaries, neutralizing the known public exploit path out of the box.
Imunify360 Monitoring: Our active Imunify360 security layers are monitoring process behavior for any anomalous ptrace attachment attempts.
KernelCare Livepatches: The KernelCare team has already completed their patch analysis and the automated rebootless livepatches are currently rolling through the build and deployment pipeline.
Next Steps:
We are actively auditing all nodes and staging the deployment of the KernelCare livepatch (kcarectl --update --prefix test) as it clears validation. This security maintenance will be performed entirely in the background with zero service disruption or downtime to cPanel, LiteSpeed, or network operations.
Further updates will be posted here as the patches finish rolling out.
Investigating:
Right on the heels of the recent Fragnesia patching, a new Linux kernel ptrace exit-race vulnerability (CVE-2026-46333) has been publicly disclosed. This flaw could theoretically allow a local unprivileged user to read root-owned secrets (such as SSH host private keys or shadow password databases).
Current Status & Defense-in-Depth:
Our security posture severely limits the blast radius of this vulnerability due to our core infrastructure choices:
1. CageFS Protection Active: Because all of our shared hosting environments utilize CageFS, the targeted system binaries (/usr/bin/chage and ssh-keysign) are entirely absent from the caged filesystem view. End-users cannot reach or execute these binaries, neutralizing the known public exploit path out of the box.
Imunify360 Monitoring: Our active Imunify360 security layers are monitoring process behavior for any anomalous ptrace attachment attempts.
KernelCare Livepatches: The KernelCare team has already completed their patch analysis and the automated rebootless livepatches are currently rolling through the build and deployment pipeline.
Next Steps:
We are actively auditing all nodes and staging the deployment of the KernelCare livepatch (kcarectl --update --prefix test) as it clears validation. This security maintenance will be performed entirely in the background with zero service disruption or downtime to cPanel, LiteSpeed, or network operations.
Further updates will be posted here as the patches finish rolling out.