CVE-2026-41940 — cPanel Security Advisory
Infrastructure provider: Serversaurus
What was reported
A security vulnerability, CVE-2026-41940, was disclosed affecting cPanel and WHM infrastructure across the hosting industry. cPanel notified providers as part of coordinated disclosure.
What Serversaurus confirmed
All Serversaurus-hosted cPanel systems received the patched release (version 11.134.0.20) via automated updates on 30 April 2026 at approximately 00:01:45 AEST — before the advisory was widely reported and before our enquiry was received.
Serversaurus monitors upstream security advisories and applies patches in line with their standard operating procedures. Platform-level updates of this kind are applied centrally and are not issued as individual notifications to tenant-level contacts.
Outcome
No exposure. EW-hosted services were on the patched version prior to disclosure. No further action is required.
Why we publish these notices
EW's infrastructure runs on services shared across network members. When a security advisory touches that infrastructure, we confirm status with the relevant provider and publish what we find — regardless of outcome. A resolved notice is still worth publishing: it closes the loop for anyone who heard about the advisory and wondered if it applied here.
Provider updates are listed on the Shared Hosting & Maintenance page.