Hi there,
We’re reaching out to let you know about an industry‑wide security issue affecting cPanel, the control panel software used by many hosting providers worldwide.
On 28 April 2026, a critical authentication vulnerability (CVE‑2026‑41940) was disclosed in cPanel & WHM, affecting all versions after 11.40. This flaw could allow an attacker to bypass the normal login flow and gain unauthorized access to hosting control panels, which is why it has been rated as a high‑severity issue with a CVSS score of 9.8. You can read the official cPanel advisory here: cPanel & WHM / WP2 Security Update 04‑28‑2026.
At this stage, we have no evidence that any Krusty Slarce client accounts or data have been compromised, and your existing data remains safe on our systems. However, because your security is non‑negotiable for us, we are treating this as a top priority and taking a cautious, defence‑in‑depth approach.
1. What we’re doing on our side
To keep every loaf in the oven secure, our team is currently:
- Applying all relevant vendor security updates and mitigations to affected cPanel/WHM environments.
- Reviewing access logs and monitoring for any suspicious activity across our infrastructure.
- Coordinating closely with our infrastructure and security partners to roll out updates in a way that is as non‑disruptive as possible to your services.
While these measures are in progress, some requests that require direct cPanel‑level changes may be slower than usual. This is intentional: we’d rather take an extra moment in the kitchen than rush and compromise your security.
2. What we recommend you do
Even with our safeguards in place, strong account hygiene is essential. We strongly encourage you to:
- Use strong, unique passwords for your hosting, email, and all related accounts (avoid simple words, and use a mix of letters, numbers, and symbols).
- Never reuse the same password across multiple platforms or services, especially not between your hosting, email, banking, and social media accounts.
- Enable Two‑Factor Authentication (2FA) wherever it is available (including on cPanel, email, and your primary email provider), adding a second layer of protection even if a password is ever exposed.
These habits dramatically reduce the risk of unauthorized access, even when new vulnerabilities are discovered at the software level.
3. Our commitment to your security
We take your security seriously and design our “bakery” so your projects stay warm, safe, and reliably served. We are actively working with our upstream providers and security partners to ensure that all patches are applied safely and that updates are rolled out in a controlled, non‑disruptive manner. As more information becomes available from cPanel and the wider security community, we will continue to adjust our protections and keep you informed.
If you have any questions, need help updating passwords, or would like assistance enabling 2FA, please reach out to our support team and we’ll happily walk you through it.
In Krust, We Trust,
The Krusty Slarce Team
Friday, May 1, 2026
