TLDR; Our servers are fully patched against this week’s high-profile cPanel (CVE-2026-41940) and “Copy Fail” Linux (CVE-2026-31431) security threats. No action is required on your part; our team has already handled these updates for you.

This week was a busy one for our security team.

Rapid Response to the cPanel Authentication Vulnerability

On Tuesday, April 28th, a critical vulnerability was identified in cPanel (CVE-2026-41940). This flaw was particularly serious because it allowed for an “authentication bypass”—essentially meaning an attacker could gain administrative access to a server without needing a password.

Because we stay active in core industry security circles, we were alerted to this risk early. Following best practices, we took the proactive step of temporarily restricting access to cPanel, WHM and Webmail. This “closed the door” while we waited for the official software patch to be finalized.

Once the patch was released that afternoon, our team tested and deployed it across our entire network immediately—finishing the work many hours before standard nightly maintenance would have even begun.

By the time cPanel’s official email alert reached most server owners the following day, the digital landscape was already seeing a massive spike in exploit attempts. We are pleased to report that because of our team’s early intervention, Varial Hosting servers were fully secured before these global attacks even began.

Protecting Server Integrity Against the “Copy Fail” Threat

The very next day, Wednesday, April 29th, a second global threat emerged.

A vulnerability nicknamed “Copy Fail” (CVE-2026-31431) was discovered, affecting almost all Linux-based systems worldwide. This flaw could allow a low-level user to “escalate” their permissions to gain total control of a server.

Because the primary risk involved secure shell (SSH) access, we took the immediate precaution of temporarily disabling customer SSH and implementing early defenses while waiting for an official fix from our OS vendors.

When it became clear that a final patch would take some time to arrive, we decided not to wait. We implemented a “kernel-level” mitigation—a deep-system fix that required a full server reboot to activate.

Prioritizing Security Over Uptime

While we take pride in our ability to perform “rebootless” updates (some of our servers hadn’t needed a restart in over two years!), the emerging risk was too high to ignore. Security experts warned that hackers might try to use outdated or compromised WordPress sites as a “back door” to trigger this exploit. To ensure your data remained 100% isolated and secure, we performed a controlled reboot across our fleet last night.

As of this morning, we are happy to confirm that all servers are now running the fully patched kernel, and this vulnerability is closed.

Our Commitment to Your Security

At Varial Hosting, we know that you count on us to manage the complex world of server security so you don’t have to. While “0-day” threats like these make headlines, they are a routine part of our workday. Our team remains vigilant, monitoring global threat feeds 24/7 and testing patches before they are even officially announced to the general public.

We take these proactive steps to ensure that your business remains online and your data remains private, without you ever having to lift a finger.

Questions?

If you have any questions about these updates or our security protocols, our support team is always here to help. Feel free to open a support ticket or reach out to us directly.