
cPanel Vulnerability for VPS & Dedicated Customers on CentOS 6

On April 28, 2026, cPanel released an emergency security update addressing a critical authentication-related vulnerability in cPanel & WHM. According to cPanel, the issue affects multiple authentication paths. HostGator has confirmed that the vulnerability is actively being treated as a critical authentication-bypass exploit.

Why this matters specifically for CentOS 6

CentOS 6 reached end of life on November 30, 2020. cPanel ended support for CentOS 6 with cPanel & WHM version 88, and current cPanel releases only run on supported distributions such as Alma Linux, CentOS 9, CentOS 10, Rocky Linux, and Ubuntu.

As a result:

  • Continued operation on CentOS 6 leaves cPanel, WHM, Webmail, Web Disk, and SSL services exposed to these and other unpatched issues. Migration to a supported OS is the only durable remediation.

What HostGator is doing

  • Restricted login access to cPanel and WHM on some VPS and Dedicated servers running CentOS 6.
  • Restricting inbound access to the following ports on affected VPS and Dedicated servers running CentOS 6 to reduce exploit exposure:
    • cPanel: 2082 (HTTP), 2083 (HTTPS)
    • WHM: 2086 (HTTP), 2087 (HTTPS)
    • Webmail: 2095 (HTTP), 2096 (HTTPS)
    • WebDisk: 2077 (HTTP), 2078 (HTTPS)
  • Providing migration paths from CentOS 6 to a currently supported operating system.

During this period, you may notice the following while we have the firewall rules in place:

  • cPanel and WHM web interfaces are unreachable from the public internet.
  • Webmail and Web Disk over standard cPanel ports may be temporarily unavailable.
  • SSL and non-SSL connections specifically to ports 2083/2087 are blocked.
  • Your hosted websites, databases, and email delivery (SMTP/IMAP/POP) continue to operate normally.

What you should do now

  • You can still log in to the server (via SSH or the console in the portal).
  • Update cPanel by running /scripts/upcp as root, per the cPanel documentation. If this fails, please contact HostGator Support.
  • Do not attempt to disable the firewall rules. They are in place to protect your data while a fix is coordinated.
  • Plan to migrate off CentOS 6. HostGator offers Professional Migration Services from CentOS 6 servers to Alma Linux, or another supported distribution. HostGator will help with the purchase and provision of a new server and assist with account-level transfers.
  • Take a fresh backup of your sites, databases, and email accounts. If your server has been online and exposed in recent weeks, treat backups as a precaution rather than a recovery path.
  • Audit recent activity in /usr/local/cpanel/logs/access_log and the WHM Login History for unfamiliar IP addresses or login times.
  • Confirm SSH key-based authentication is enabled, and password authentication is disabled where possible.
  • Once migrated to a server with a supported OS, verify your cPanel build matches one of the patched versions listed below.
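
For the access_log audit step above, an added example (not HostGator's or cPanel's code) that summarizes requests from source IPs you do not recognize. It assumes an Apache-style line layout (IP, ident, user, bracketed timestamp); the sample lines and the "known" address are constructed.

```shell
#!/bin/sh
# audit_access_log FILE "KNOWN_IP ..."
# Prints one line per (source IP, user) pair whose IP is NOT in the known
# list, in first-seen order:
#   <requests> <ip> <user> <first-seen> <last-seen>
audit_access_log() {
    awk -v known="$2" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        # Skip familiar sources and lines without a bracketed timestamp.
        ($1 in ok) || $4 !~ /^\[/ { next }
        {
            key = $1 " " $3               # assumed layout: $1 = IP, $3 = user
            ts = substr($4, 2)            # drop the leading "["
            if (!(key in count)) { first[key] = ts; order[++m] = key }
            count[key]++
            last[key] = ts
        }
        END {
            for (i = 1; i <= m; i++)
                print count[order[i]], order[i], first[order[i]], last[order[i]]
        }' "$1"
}

# Constructed sample lines (documentation address ranges, placeholder session).
sample_log() {
    cat <<'EOF'
198.51.100.10 - root [04/29/2026:09:15:02 -0000] "GET /cpsess0000000000/ HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2087
203.0.113.44 - root [04/29/2026:03:12:40 -0000] "GET /cpsess0000000000/ HTTP/1.1" 200 0 "-" "curl/8.0" "s" "-" 2087
203.0.113.44 - root [04/29/2026:03:12:55 -0000] "GET /cpsess0000000000/ HTTP/1.1" 200 0 "-" "curl/8.0" "s" "-" 2087
192.0.2.7 - - [04/29/2026:04:01:00 -0000] "GET / HTTP/1.1" 401 0 "-" "-" "-" "-" 2083
EOF
}

# Demo run: treat 198.51.100.10 as the only familiar admin address.
tmp=$(mktemp) && sample_log > "$tmp" && audit_access_log "$tmp" "198.51.100.10"
rm -f "$tmp"
```

On a real server, pass /usr/local/cpanel/logs/access_log as the file and your own admin addresses as the known list, then compare the first-seen and last-seen times against when you actually logged in.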

Patched cPanel versions

After migrating to a supported operating system, ensure your cPanel & WHM build is at or above one of the following:

  • 11.110.0.97
  • 11.118.0.63
  • 11.126.0.54
  • 11.132.0.29
  • 11.134.0.20
  • 11.136.0.5

You can verify your build under WHM → Server Configuration → Server Status, or by running /usr/local/cpanel/cpanel -V from the command line.
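
An added example (not HostGator's or cPanel's code) of the build comparison described above. It assumes each listed build is the fix for its own release branch, so a build is compared only with the entry that shares its first three fields, and it assumes the build string is supplied in the four-part form used in the list.

```shell
#!/bin/sh
# Patched builds copied from the list above, one per release branch.
PATCHED="11.110.0.97 11.118.0.63 11.126.0.54 11.132.0.29 11.134.0.20 11.136.0.5"

# is_patched VERSION   (four-part form, e.g. 11.126.0.54)
# Exit status: 0 = at or above the patched build of its branch
#              1 = same branch, older build
#              2 = malformed input, or branch not in the list
is_patched() {
    printf '%s\n' "$1" | awk -F. -v list="$PATCHED" '
        $0 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { exit 2 }
        {
            n = split(list, p, " ")
            for (i = 1; i <= n; i++) {
                split(p[i], q, ".")
                # Assumption: compare only against the fix for the same branch,
                # so 11.118.0.10 is not accepted just because it sorts
                # above 11.110.0.97.
                if (q[1] + 0 == $1 + 0 && q[2] + 0 == $2 + 0 && q[3] + 0 == $3 + 0)
                    exit (($4 + 0 >= q[4] + 0) ? 0 : 1)
            }
            exit 2
        }'
}

# Usage: sh check_build.sh 11.118.0.10
if [ $# -gt 0 ]; then
    rc=0; is_patched "$1" || rc=$?
    case $rc in
        0) echo "$1: at or above the patched build for its branch" ;;
        1) echo "$1: BELOW the patched build for its branch" ;;
        *) echo "$1: cannot be decided from this list" ;;
    esac
    exit "$rc"
fi
```

If /usr/local/cpanel/cpanel -V prints the build in a different shape on your server, convert it to the four-part form before passing it in.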

Frequently asked questions

Is my data still safe?

HostGator has applied network-level controls to limit exposure on CentOS 6 servers. Your sites and databases remain online; only the cPanel/WHM management interfaces are temporarily restricted.

Why can’t HostGator just patch CentOS 6?

cPanel does not produce security updates for cPanel & WHM on CentOS 6. Because of this, HostGator offers VPS and Dedicated Servers on newer distros such as Alma Linux, CentOS 9, CentOS 10, Rocky Linux, and Ubuntu.

How long will the firewall block be in place?

The block on ports 2083 and 2087 will remain until your server is migrated to a supported operating system on a patched cPanel build.

Do I need to do anything if I’ve already migrated off CentOS 6?

Yes, confirm your cPanel & WHM build matches one of the patched versions listed above. If automatic updates are enabled on your server, it should already be running a patched build.

How do I get off CentOS 6 onto a patched version of cPanel?

The best way to get off CentOS 6 is by migrating to a newer server. This can be done by following the related articles for VPS: Guide to Purchasing VPS Hosting with HostGator, or for Dedicated Servers: HostGator Dedicated Server Hosting Plans Comparison.

What if I only want to upgrade CentOS 6 to CentOS 7?

You can upgrade CentOS 6 to CentOS 7, but the server must first be re-imaged to a CentOS 7 server. This is because VPS and Dedicated servers running cPanel cannot be upgraded from one major version of CentOS to the next. The re-image process requires the current server to be deleted entirely and replaced with a new, clean CentOS 7 server. For steps on how to prepare your server for a CentOS 7 upgrade, see the CentOS 7 Upgrade Knowledge Base article.