Today, May 13, 2026, 040Hosting applied another round of important security updates across our managed server infrastructure.
This update covered newly released cPanel/WHM security patches for several CVEs rated up to High severity, as well as our response to the newly reported Linux kernel vulnerability known as Fragnesia.
As always, these updates were implemented as soon as patched builds or appropriate mitigations became available.
cPanel/WHM Security Updates Applied
cPanel released patched builds addressing multiple vulnerabilities in cPanel/WHM. The CVEs included in this update are:
- CVE-2026-29205
- CVE-2026-29206
- CVE-2026-32991
- CVE-2026-32992
- CVE-2026-32993
These updates affect different parts of the cPanel/WHM system, including internal services, API handling, DNS cluster communication and user privilege handling.
According to cPanel’s advisories, the issues include:
- An arbitrary file read issue via certain
cpdavd endpoints, related to privilege handling and path filtering.
- A possible SQL injection issue in the
sqloptimizer script.
- A privilege escalation issue where a low-privilege team user could gain the full capabilities of the account owner through certain UAPI modules.
- An issue where SSL verification was not fully enforced in the DNS Cluster system, potentially allowing man-in-the-middle interception and credential capture.
- An unauthenticated
cpsrvd endpoint issue that could allow arbitrary HTTP header insertion.
Patched cPanel/WHM Versions
The patched cPanel/WHM versions include:
- 11.86.0.44 and higher
- 11.94.0.31 and higher
- 11.102.0.42 and higher
- 11.110.0.118 and higher
- 11.118.0.67 and higher
- 11.124.0.38 and higher
- 11.126.0.59 and higher
- 11.130.0.23 and higher
- 11.132.0.32 and higher
- 11.134.0.26 and higher
- 11.136.0.10 and higher
For older CentOS 6 or CloudLinux 6 systems, cPanel has also made 11.110.0.118 available as a direct update path. cPanel recommends updating servers and verifying the installed cPanel version afterwards.
For servers managed by 040Hosting, these updates have been applied where applicable.
Fragnesia: New Linux Kernel Privilege Escalation Vulnerability
You may also have seen reports about Fragnesia, tracked as CVE-2026-46300.
Fragnesia is a new Linux kernel local privilege escalation vulnerability. It follows shortly after Copy Fail and Dirty Frag, making it the third Linux kernel privilege escalation issue of this type in a short period.
This type of vulnerability is especially important in shared or multi-user hosting environments, because a local privilege escalation bug could potentially allow a lower-privileged user or process to gain higher system privileges.
CloudLinux 7 Is Not Affected
CloudLinux has confirmed that CloudLinux 7 is not affected by Fragnesia. That means no patch, mitigation or other action is required on standard CloudLinux 7 servers for this specific vulnerability.
This is important because many people may assume that every recent Linux kernel issue automatically applies to all Linux versions. In this case, that is not correct.
CloudLinux 7h, 8, 9 and 10
CloudLinux has indicated that the following versions are affected by Fragnesia:
- CloudLinux 7h
- CloudLinux 8
- CloudLinux 9
- CloudLinux 10
CloudLinux states that Fragnesia is separate from Dirty Frag, but belongs to the same XFRM/ESP class. The immediate mitigation is identical, so systems where the Dirty Frag mitigation was already applied do not need another separate mitigation while patched kernels and KernelCare live patches are being released.
For affected managed systems, 040Hosting has applied the appropriate mitigation or patching steps where applicable. Where KernelCare live patches are available, we use them to reduce the need for disruptive reboots.
Customer Impact
For customers on servers managed by 040Hosting, no action is required.
The relevant cPanel/WHM updates have been applied where applicable. For Fragnesia, affected systems have been handled according to the available vendor guidance, while CloudLinux 7 systems do not require action for this specific vulnerability.
No customer-side configuration changes are required.
Why This Matters
Security maintenance is not one single update or one single patch. A hosting environment depends on many layers working together: the Linux kernel, cPanel/WHM, Apache, Exim, DNS services, mail services and security tools.
When one of those layers receives a security patch, we review and apply it as quickly as possible. If a final patch is not yet available, we assess whether a temporary mitigation can reduce the risk until the official fix is released.
That is part of the value of managed hosting.
Our goal remains simple: keep customer environments protected, stable and available.