At 040Hosting, server security is not something we treat as a once-in-a-while maintenance task. It is an ongoing responsibility.
Over the past 2 weeks (latest from yesterday evening), several important security vulnerabilities were disclosed affecting Linux systems and common hosting components. These included the Linux kernel vulnerabilities known as Copy Fail and Dirty Frag, as well as multiple other CVEs affecting services such as Apache HTTP Server, Exim and cPanel/WHM.
We implemented these patches directly when they became available. Where possible, we also implemented temporary mitigations before the final vendor patches were released or fully available.
Linux Kernel Security: Dirty Frag and Copy Fail
Two of the more notable Linux kernel issues were known as Copy Fail and Dirty Frag, also referred to by some as Copy Fail 2.
These vulnerabilities are local privilege escalation issues. That means they could potentially allow a local user on an affected system to gain higher privileges than intended.
For managed servers where live patching was available, we applied the relevant kernel live patches to reduce disruption and avoid unnecessary reboots. Where additional action was required, this was handled as part of our normal security maintenance procedures.
Apache HTTP Server Update via EasyApache 4
As part of the recent security maintenance, we also applied the EasyApache 4 Apache HTTP Server update, included in EA4 v25.57.
The Apache package was updated as follows:
Package updated: ea-apache24
Version: 2.4.66 → 2.4.67
Total CVEs addressed: 11
Platforms covered: CentOS 7, AlmaLinux 9, Ubuntu 20.04, 22.04 and 24.04
Customer impact: Standard EA4 package update. No configuration changes were required and no customer downtime was expected.
This update included fixes for several Apache vulnerabilities, including issues in commonly used modules such as mod_http2 and mod_rewrite.
CVEs addressed in this Apache release include:
-
CVE-2026-23918 — Important, CVSS 8.8
This relates to mod_http2. This module is not enabled by default, but it is commonly used in many hosting environments.
-
CVE-2026-24072 — Moderate
This relates to mod_rewrite, which is part of the core Apache HTTP Server build and is enabled by default.
-
CVE-2026-33006 — Moderate
-
CVE-2026-29168 — Low
-
CVE-2026-29169 — Low
-
CVE-2026-33007 — Low
-
CVE-2026-33523 — Low
-
CVE-2026-33857 — Low
-
CVE-2026-34032 — Low
-
CVE-2026-34059 — Low
Exim Security Update
We also applied the recent Exim 4.99.2 security update.
Exim is the mail transfer agent commonly used on cPanel servers. Because mail services are exposed to the internet by design, Exim security updates are treated with high priority.
Package updated: Exim
Total CVEs addressed: 4
Platforms covered: CentOS 7, AlmaLinux 9, Ubuntu 20.04, 22.04 and 24.04
Customer impact: Standard package update. No configuration changes were required and no customer downtime was expected.
CVEs addressed in this Exim release include:
-
CVE-2026-40685 — Critical, CVSS 9.8
-
CVE-2026-40684 — High, CVSS 7.5
-
CVE-2026-40686 — Medium
-
CVE-2026-40687 — Medium
Severity ratings can vary between trusted rating sources. The practical risk may also depend on the exact server configuration and how the affected service is used.
cPanel/WHM Security Update
We also implemented the cPanel/WHM security update for CVE-2026-41940.
This was an important cPanel security update related to an authentication bypass issue affecting cPanel software, including DNSOnly, on versions after 11.40. cPanel published patched builds for multiple supported cPanel & WHM branches. We applied the relevant updates where applicable and restarted the required cPanel services after updating.
This update covered patched cPanel & WHM versions including:
-
11.86.0.41 and higher
-
11.94.0.28 and higher
-
11.102.0.39 and higher
-
11.110.0.97 and higher
-
11.118.0.63 and higher
-
11.124.0.35 and higher
-
11.126.0.54 and higher
-
11.130.0.19 and higher
-
11.132.0.29 and higher
-
11.134.0.20 and higher
-
11.136.0.5 and higher
Where needed, we also used the temporary mitigation options recommended by cPanel until servers could be brought to a patched version. This included restricting access to affected services where appropriate.
Additional cPanel/WHM Security Updates
In addition to the specific CVE-2026-41940 update, we also applied other relevant cPanel/WHM patches as they became available.
cPanel systems depend on several integrated components, including web server packages, mail services, system libraries and control panel services. For that reason, we do not look at security updates as isolated events. We monitor and apply vendor patches across the full hosting stack.
No Customer Action Required for Managed Servers
For servers managed by 040Hosting, no customer action is required.
The relevant updates and mitigations have already been applied where applicable. No configuration changes were required from customers and no server reboots were required for the Apache or Exim package updates.
Customers managing their own server stack should ensure that:
-
EasyApache 4 has been updated through WHM or via the command line
-
Exim has been updated through the standard cPanel update mechanism
-
cPanel/WHM is fully up to date
-
Kernel live patches or kernel updates have been applied where applicable
Proactive Protection
Security updates like these are a good reminder that managed hosting is more than disk space, bandwidth and a control panel.
Behind the scenes, we continuously monitor vendor advisories, kernel updates, control panel patches and service-level CVEs. When important fixes become available, we apply them as quickly as possible. Where a final patch is not yet available, we assess whether temporary mitigations can reduce exposure until the official fix is released.
Our goal is simple: keep customer environments protected, stable and available.