Emergency Authentication Security Mitigation Completed Across All Rad Web Hosting cPanel/WHM Infrastructure
Bulletin Number: RWH-SOC-2026-0428-A
Issue Date: April 28, 2026
Incident Classification: Critical Vendor Security Advisory
Infrastructure Priority: SEV-1
Current Status: Fully Mitigated / Services Secured
Executive Summary
Rad Web Hosting Security Operations is issuing this formal bulletin to advise customers that all provider-managed cPanel/WHM hosting infrastructure has undergone immediate emergency security maintenance following cPanelβs public disclosure of a Critical Vulnerability with cPanel & WHM Login Authentication on April 28, 2026.
Because the disclosed issue affects the authentication pathway responsible for administrative and account-level access into cPanel and WHM environments, Rad Web Hosting classified the advisory as a Severity One Infrastructure Security Event requiring accelerated same-day remediation.
All emergency mitigation procedures have now been completed.
Vendor Advisory Overview
The cPanel vendor advisory identified a critical flaw within the login authentication subsystem utilized by currently supported cPanel & WHM releases.
Potential risk associated with this advisory includes:
- unauthorized authentication bypass attempts,
- elevated risk to exposed cPanel/WHM management interfaces,
- potential control panel access compromise if systems remain unmitigated.
The advisory called for immediate hosting provider intervention to secure externally reachable cPanel/WHM login services.
Rad Web Hosting Security Response
Immediately following publication of the vendor advisory, Rad Web Hosting initiated emergency SEV-1 incident response procedures under Security Operations Center oversight.
Response actions included:
- immediate advisory validation and threat impact assessment,
- identification of all managed cPanel/WHM production nodes,
- emergency change window authorization,
- forced cPanel update synchronization,
- deployment of all currently available vendor remediation packages,
- implementation of interim authentication surface mitigations,
- hardened restriction of exposed login service vectors where applicable,
- post-maintenance authentication verification,
- elevated intrusion and login anomaly monitoring.
Security maintenance was prioritized across:
- Shared Hosting clusters
- Reseller Hosting clusters
- Managed cPanel VPS systems
- Managed cPanel Dedicated Servers
- Internal administrative WHM systems
Mitigation Completion Confirmation
Rad Web Hosting can formally confirm:
100% of Rad Web Hosting managed cPanel/WHM servers have completed emergency mitigation and patch application procedures related to the cPanel Critical Login Authentication Vulnerability disclosed April 28, 2026.
All customer services hosted on provider-managed cPanel infrastructure are now operating under patched and/or vendor-recommended mitigated conditions.
Security Validation Findings
Post-remediation verification confirms:
- cPanel and WHM authentication services are functioning normally,
- no indicators of unauthorized authentication compromise were observed,
- no evidence of active exploitation was detected within monitored Rad Web Hosting infrastructure,
- no hosted customer websites, databases, email services, or DNS zones were disrupted during the security cycle.
At this time, there is no evidence of customer account exposure associated with this incident.
Temporary Customer-Facing Effects
During accelerated remediation, some customers may have briefly encountered:
- temporary cPanel login unavailability,
- short WHM service restarts,
- intermittent authentication timeout responses.
These interruptions were isolated to the emergency hardening window and are now fully cleared.
Customer websites and hosted applications remained online throughout the incident lifecycle.
Customer Assurance Notice
Important Confirmation:
If your hosting service is managed by Rad Web Hosting and utilizes cPanel/WHM, your environment has now been secured against the Critical Vulnerability announced by cPanel on April 28, 2026.
No manual customer intervention is required.
Recommended Optional Customer Precautions
While provider-level remediation has been completed, Rad Web Hosting recommends customers perform the following account hygiene actions as an additional best practice:
- rotate cPanel account passwords,
- verify active FTP/email/control panel credentials,
- enable Two-Factor Authentication,
- review authorized subaccounts and delegated users.
Ongoing Monitoring Status
Rad Web Hosting Security Operations has placed all cPanel authentication endpoints under enhanced watchlist monitoring for the next 72 hours.
Any supplemental vendor-issued hotfixes, revised mitigations, or follow-up security packages released by cPanel will be deployed immediately under standing emergency change authorization.
Incident Closure Status
Security Event: Contained
Vendor Advisory Exposure: Mitigated
Customer Infrastructure: Protected
Incident Response State: Monitoring
Issued by:
Rad Web Hosting Security Operations Center
24Γ7 Infrastructure Security Monitoring β’ Proactive Threat Response β’ Managed Hosting Protection
Need Assistance?
If you have any questions regarding this incident or wish to request a manual review of your hosting account security, please open a support ticket through the Rad Web Hosting client portal.
Our team remains available 24/7.
Rad Web Hosting Security Operations Center
Proactive Infrastructure Monitoring β’ Managed Security Response β’ Always On Guard
