Stay updated with our latest announcements, updates, and service improvements
Dear Customers,
The scheduled security updates and maintenance activities on the following server locations have now been completed successfully:
• Indian Server 1
• Finland Server
• Singapore Server
The updates were performed to improve:
• Server stability
• Overall security
• Service performance
• Infrastructure reliability
Current Status
• All major services are expected to function normally again
• Temporary maintenance-related interruptions should now be resolved
If you are still facing any issue such as:
• Website downtime
• cPanel/login problems
• Slow loading
• Mail-related issues
Kindly check the service manually once and contact support with updated screenshots/details if the issue still persists.
We appreciate your patience and cooperation during the maintenance period.
Dear Customers,
Important security updates and maintenance activities are scheduled for the following server locations:
• Indian Server 1
• Finland Server
• Singapore Server
During this maintenance period, some users may temporarily experience:
• Short-term downtime
• Slow website loading
• Temporary cPanel/login issues
• Brief service interruptions during the update/restart process
These updates are being applied to improve server stability, performance, and overall security.
We recommend avoiding critical changes/uploads during the maintenance window.
We appreciate your patience and understanding.
Dear Customers,
A scheduled maintenance activity is currently ongoing on our Singapore location/server infrastructure.
During this maintenance window, some users may temporarily experience:
• Short-term downtime
• Slow loading/access delays
• Temporary cPanel/login access issues
• Intermittent website/service connectivity interruptions
Current Status
• The technical team is actively working on the maintenance and optimization process
• Services are expected to stabilize gradually once maintenance is completed
Estimated Resolution Time
• Maintenance is expected to be completed by tonight
We appreciate your patience and understanding during this maintenance period.
Dear Customers,
A newly disclosed Linux kernel vulnerability named Dirty Frag allows Local Privilege Escalation (LPE) to root user access on vulnerable systems.
Vulnerability Information
Dirty Frag was publicly disclosed on May 7, 2026.
The vulnerability is related to the previously disclosed Copy/Fail vulnerability (CVE-2026-31431) and is considered a continuation of the Dirty Pipe exploit class (CVE-2022-0847).
The issue exists within the Linux kernel itself and may affect multiple Linux distributions.
Potential Impact
Systems running Linux kernel versions released after approximately Linux 4.14 (2017+) may be vulnerable.
Successful exploitation may allow attackers with local access to:
• Gain root-level privileges
• Modify kernel page cache memory
• Compromise binaries loaded by the kernel
• Fully compromise affected servers
Potentially Affected Operating Systems
• CloudLinux 7 Hybrid
• CloudLinux 8
• CloudLinux 9
• CloudLinux 10
• AlmaLinux 8
• AlmaLinux 9
• AlmaLinux 10
• Rocky Linux 8
• Rocky Linux 9
• Ubuntu 20.04
• Ubuntu 22.04
• Ubuntu 24.04
Current Status
At the time of publication, official upstream kernel patches are still being prepared and distributed by Linux maintainers and vendors.
Until stable patches are officially released, temporary mitigations are strongly recommended.
Temporary Mitigation
Run the following command as the root user:
sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"
After that, flush kernel page cache:
echo 3 > /proc/sys/vm/drop_caches
After completing both commands, reboot the server once to ensure mitigation changes are properly applied.
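To confirm after the reboot that the mitigation is still in effect, the check below verifies that each of the three modules has an `install ... /bin/false` rule and is not currently loaded. It is an added example, not part of the original advisory or any vendor tooling; the function name and its two optional path arguments are assumptions for illustration.

```shell
#!/bin/sh
# Added example: verify the Dirty Frag temporary mitigation.
# check_dirtyfrag_mitigation is a hypothetical helper name.
# Arguments (both optional, overridable for testing):
#   $1  modprobe config file  (default: /etc/modprobe.d/dirtyfrag.conf)
#   $2  loaded-module list    (default: /proc/modules)
# Prints one status line per module and returns 0 only if all three
# modules are blocked in the config and not currently loaded.
check_dirtyfrag_mitigation() {
    conf=${1:-/etc/modprobe.d/dirtyfrag.conf}
    loaded=${2:-/proc/modules}
    rc=0
    for mod in esp4 esp6 rxrpc; do
        # The rule must read "install <mod> /bin/false" (extra whitespace allowed).
        if [ -r "$conf" ] &&
           grep -Eq "^[[:space:]]*install[[:space:]]+$mod[[:space:]]+/bin/false[[:space:]]*\$" "$conf"
        then
            blocked=yes
        else
            blocked=no
        fi
        # /proc/modules starts each line with the module name and a space.
        if [ -r "$loaded" ] && grep -q "^$mod " "$loaded"; then
            state=loaded
        else
            state=not-loaded
        fi
        echo "$mod: blocked=$blocked state=$state"
        if [ "$blocked" != yes ] || [ "$state" = loaded ]; then
            rc=1
        fi
    done
    return $rc
}

# Usage on a server:
#   check_dirtyfrag_mitigation || echo "Dirty Frag mitigation incomplete"
```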
Recommended Actions
• Apply temporary mitigation immediately
• Monitor official vendor advisories for stable kernel updates
• Restrict shell access for untrusted users
• Keep servers and cPanel environments fully updated
• Reboot servers after official kernel patches are installed
AquaHost Advisory
Customers using VPS or dedicated Linux environments are strongly advised to monitor this issue carefully and apply security updates immediately once officially released by their operating system vendor.
AquaHost will continue monitoring vendor advisories and security developments related to this vulnerability.
Dear Customer,
We would like to inform you that new cPanel versions have been released addressing critical security vulnerabilities related to Exim (mail service).
Affected Versions (Patched Releases):
– 11.136.0.7
– 11.134.0.23
– 11.126.0.56
– 11.118.0.64
– 11.110.0.112
Vulnerabilities Addressed:
– CVE-2026-40684
– CVE-2026-40685
– CVE-2026-40686
– CVE-2026-40687
These vulnerabilities may impact server security if not updated in time.
Action Required:
If you are using a cPanel license provided by AquaHost, you are strongly advised to update your server immediately using the following command:
VERSION=11.134.0.23; sed -i "s/^CPANEL=.*/CPANEL=$VERSION/g" /etc/cpupdate.conf ; echo "$VERSION" > /usr/local/cpanel/version ; /scripts/upcp --force
After completing the update, please run your license activation command again if required.
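To confirm whether a server is already on a patched build, the installed version can be compared against the patched release for its branch. The check below is an added example, not cPanel's or AquaHost's own tooling; the function name is hypothetical, and it assumes that within a branch any build number lower than the patched release listed above lacks the Exim fixes.

```shell
#!/bin/sh
# Added example: compare a cPanel build with the patched releases listed above.
# cpanel_exim_patch_status is a hypothetical helper name.
# Assumption: within a branch, a build lower than the listed patched
# release does not contain the Exim fixes.
# Prints one of: patched | unpatched | unknown-branch | invalid
cpanel_exim_patch_status() {
    ver=$1
    # Accept only digits and single dots, e.g. 11.134.0.23
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 2 ;;
    esac
    branch=${ver%.*}    # everything before the last dot, e.g. 11.134.0
    build=${ver##*.}    # the last field, e.g. 23
    case $branch in
        11.136.0) min=7 ;;
        11.134.0) min=23 ;;
        11.126.0) min=56 ;;
        11.118.0) min=64 ;;
        11.110.0) min=112 ;;
        # Branch not in this advisory's list: check the vendor advisory.
        *) echo unknown-branch; return 3 ;;
    esac
    if [ "$build" -ge "$min" ]; then
        echo patched
    else
        echo unpatched
        return 1
    fi
}

# Usage on a server (the version file is the one written by the command above):
#   cpanel_exim_patch_status "$(cat /usr/local/cpanel/version)"
```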
Recommendation:
We strongly recommend applying this update as soon as possible to ensure your server remains secure and protected.
For any assistance, please raise a support ticket.
Dear Clients,
We are issuing this advisory regarding a critical security vulnerability (CVE-2026-41940) identified in cPanel & WHM. This vulnerability has been actively exploited in the wild and may allow unauthorized access to affected servers.
Official Advisory:
https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026
Incident Overview
Based on industry reports and observed cases, attackers are:
• Scanning for unpatched cPanel servers
• Gaining unauthorized access via authentication bypass
• Deploying a malicious binary (commonly named nuclear.x86)
• Executing it, removing traces, and re-running it periodically
• Performing full system reconnaissance and data access
Potential Impact
If a server was exposed or compromised, the following must be assumed at risk:
• Root/server access credentials
• SSH private keys and authorized access
• Password hashes (including system and database)
• Command history and environment data
• Website/application credentials stored on the server
Note: Website files and databases may appear intact, but hidden access or backdoors may still exist.
Immediate Actions Required
1. Update cPanel Immediately
/scripts/upcp --force
If an immediate update is not possible, temporarily disable access:
whmapi1 configureservice service=cpsrvd enabled=0 monitored=0 &&
whmapi1 configureservice service=cpdavd enabled=0 monitored=0 &&
/scripts/restartsrv_cpsrvd --stop &&
/scripts/restartsrv_cpdavd --stop
2. Check for Active Malware
pkill -9 -f "nuclear.x86"
ps auxf | grep -i nuclear
Verification:
wget google.com
If the response shows “Killed”, malware may still be active.
3. Rotate All Credentials
Immediately update:
• WHM/cPanel passwords
• SSH keys (regenerate and replace everywhere)
• FTP/SFTP accounts
• Email accounts
• Database credentials
• API keys, SMTP credentials, webhooks
• CMS/admin panel logins
4. Audit for Unauthorized Access
Carefully review:
• Cron jobs
• FTP accounts
• Email forwarders
• SSH authorized keys
• Recently modified or unknown files (especially in public_html)
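The read-only helpers below collect three items from the review list above (SSH authorized keys, cron jobs, and recently modified files under public_html) into output that can be read line by line. They are an added example, not part of the original advisory; the function names, their arguments, and the default directories (/home, /root, /var/spool/cron, /etc/cron.d) are assumptions about a typical layout.

```shell
#!/bin/sh
# Added example: read-only helpers for the audit list above.
# Function names and their directory/day arguments are hypothetical.

# Print "file<TAB>first-field<TAB>last-field" for each authorized_keys entry.
# The first field is the key type, or the start of the options string if one
# is set (forced commands deserve a close look); the last field is normally
# the key comment.
list_authorized_keys() {
    [ $# -gt 0 ] || set -- /home /root
    find "$@" -maxdepth 3 -type f -path '*/.ssh/authorized_keys' 2>/dev/null |
    while IFS= read -r f; do
        awk -v f="$f" 'NF == 0 || $1 ~ /^#/ { next }
            { print f "\t" $1 "\t" (NF >= 3 ? $NF : "<no comment>") }' "$f"
    done
}

# Print "file:line" for every active (non-blank, non-comment) cron line.
list_cron_entries() {
    [ $# -gt 0 ] || set -- /var/spool/cron /etc/cron.d
    find "$@" -type f 2>/dev/null |
    while IFS= read -r f; do
        awk -v f="$f" 'NF == 0 || $1 ~ /^#/ { next } { print f ":" $0 }' "$f"
    done
}

# List files inside any public_html tree modified within the last DAYS days.
# mtime can be backdated by an intruder, so repeat with -ctime if in doubt.
recent_public_html_files() {
    root=${1:-/home}
    days=${2:-7}
    find "$root" -type f -path '*/public_html/*' -mtime "-$days" 2>/dev/null
}

# Usage on a server:
#   list_authorized_keys; list_cron_entries; recent_public_html_files /home 14
```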
Important Considerations
• This is a system-level security issue, not limited to cPanel UI or license
• Even if malware is not currently detected, prior exposure may still result in compromise
• Partial cleanup may not fully eliminate hidden access mechanisms
Recommended Action
For maximum security and long-term stability:
• Perform a full OS reinstallation and fresh cPanel setup
• Restore only verified clean backups
• Apply updates and security hardening before going live
We strongly advise all clients to take this advisory seriously and act immediately to secure their servers.