We are writing to let you know that a cPanel & WHM security patch is expected to be released on Wednesday, May 13th 2026 - at 6pm UK time.

This release addresses multiple vulnerabilities across versions of cPanel & WHM, including fixes for the following vulnerabilities rated up to High severity. CVE-2026-29205 CVE-2026-29206 CVE-2026-32991 CVE-2026-32992 CVE-2026-32993 All vulnerabilities were either responsibly disclosed by external researchers or identified internally by our security team. At this time, there are no known exploits or proof-of-concept code in the wild.

What will Hosting UK do? We will patch all shared hosting servers, and Managed Servers at this point. Unmanaged server (VPS, Cloud & Dedicated servers) customers are advised to login an apply the patch themselves.

Patch & Affected Versions The patch will be available on May 13th 2026 - at 6pm UK time. and will be distributed through the standard cPanel automatic update process and through the manual update process. We strongly recommend performing a manual update once the patch is made available.

Versions Impacted: 86, 94, 102, 110, 110 CL6, 118, 124, 126, 130, 132, 134, 136, 136 (WP2)