Securing Your cPanel & WHM Installation: A Step-by-Step Update Guide

By

Introduction

Keeping your web hosting control panel up to date is not just a best practice—it’s a necessity. cPanel and Web Host Manager (WHM) recently released patches that fix three security flaws. If left unpatched, these vulnerabilities could allow an attacker to escalate privileges, execute arbitrary code, or cause a denial-of-service condition. One of the issues, tracked as CVE-2026-29201 (CVSS 4.3), stems from insufficient input validation in a feature file name within the feature::LOADFEATUREFILE adminbin call. Other vulnerabilities involve code execution and denial-of-service vectors. This guide walks you through updating your cPanel/WHM installation to protect your server and your clients.

What You Need

Before you begin, ensure you have the following:

• Root or sudo access to your server (SSH or WHM root).
• A valid cPanel & WHM license (active and not expired).
• Stable internet connectivity to download updates.
• Current version knowledge – note your installed version (check via WHM or command line).
• A full backup of your server (do this before any update).
• Recommended: a staging or test environment if available.

Step-by-Step Guide

Step 1: Check Your Current cPanel/WHM Version

Knowing your current version helps you confirm whether the update is needed. Login via SSH as root and run:

/usr/local/cpanel/cpanel -V

Or, browse to WHM >> Home >> Server Information. Look for the version string. If you’re running a release older than the patched tier (refer to cPanel’s release notes for specifics), proceed to Step 2.

Step 2: Create a Full Backup

Always back up before making changes. At minimum, create a system backup using WHM’s Backup feature:

1. Go to WHM >> Home >> Backup >> Backup Configuration.
2. Enable full backups to a remote destination or local drive.
3. Run a manual backup via WHM >> Home >> Backup >> Generate Backup.
4. Alternatively, use the command /usr/local/cpanel/scripts/backup for a quick snapshot.

Store the backup off-server if possible.

Step 3: Update cPanel/WHM Using the Command Line

The most reliable method is via the built-in updater. Connect via SSH and execute:

/usr/local/cpanel/scripts/upcp --force

This forces a full update check and applies the latest stable release, including patches for the three vulnerabilities. The process may take several minutes. Do not interrupt it.

Alternatively, from WHM:

1. Navigate to WHM >> Home >> Server Configuration >> Update Preferences.
2. Ensure the update tier is set to RELEASE (or EDGE for bleeding edge, but RELEASE is recommended for stability).
3. Click Update to Latest Version and confirm.

Step 4: Verify the Update

After the update completes, confirm the new version:

/usr/local/cpanel/cpanel -V

Compare the version number with the patched release information from cPanel’s security announcements. Also check for any error messages in the update logs:

tail -100 /var/log/cpanel-update.log

If you see failures, refer to cPanel’s documentation or open a support ticket.

Step 5: Run Post-Update Checks

Confirm that the vulnerabilities are addressed by verifying the following:

• Privilege escalation – test with a non-root user (e.g., try to load a malicious feature file). In most cases, the fix prevents the attack outright.
• Code execution – ensure any custom scripts that call adminbin functions still work correctly.
• Denial-of-service – monitor server load after the update; it should remain normal.

Additionally, restart any related services that may have been affected:

service cpanel restart && service httpd restart && service mysql restart

Finally, re-check your backup configuration to ensure future backups include the updated files.

Tips for a Smooth Update

• Schedule updates during low-traffic hours to minimize impact on users.
• Enable automatic updates in WHM (Update Preferences) so you don’t miss future patches.
• Test in a staging environment if you run custom plugins or modifications.
• Read the release notes for any breaking changes before updating.
• Monitor cPanel’s security advisories regularly (https://news.cpanel.com).
• Keep a rollback plan – know how to restore from backup if an update causes issues.

By following these steps, you’ll protect your server from the three identified vulnerabilities (including CVE-2026-29201) and maintain a secure hosting environment.

Related Articles

• Europa Universalis 5’s 1.2 Update: 72 Pages of Changes Explained
• Samsung's Sleek Display-Less Galaxy Glasses: 8 Key Insights from the First Leak
• Java Ecosystem Updates: Q&A on OpenJDK, Spring AI, and More (April 2026)
• Valve Opens the Door to Steam Controller Customization with CAD File Release
• Python 3.14.3: Third Maintenance Release Now Available with Over 299 Bugfixes and New Features
• 10 Essential Insights into AI-Assisted Software Development: Mastering Agentic Engineering and Verification
• Reviving the Humane Ai Pin: Turn a Discontinued Wearable into a Full Android Device – A Step-by-Step Guide
• Microsoft Restructures Windows Insider Program: New Channels and Feature Selection in Latest Builds