Resolved
The previously identified WHMCS Client Area authorization vulnerability has now been fully addressed across our environment. Affected systems have either been successfully patched or secured through alternative mitigation measures. For a small subset of customers, additional steps are still required on their end to complete remediation, and instructions have been provided via email.
Posted May 18th, 2026 6:09 pm EST 
Identified
On May 12th, a critical security vulnerability affecting WHMCS authorization checks within the Client Area was identified by the vendor. This issue impacts WHMCS versions 7.4 and later, and may expose servers to unauthorized access if left unpatched.
Where possible we have patched, however a small subset of customers have configurations active that prevent us from patching. We have secured these servers; however, this will restrict your access to Client Area and affect manual renewals and account management.
For additional information on the issue, please visit the WHMCS website: https://help.whmcs.com/m/125386/l/2073908-cve-2026-29204?token=_4RH-0s0febHsrNiC8GdPymsqg3_nSdT
Posted May 12th, 2026 6:34 pm EST
Affected Services
- Account Manager