Liquid Web - Services Status

Identified: A recently disclosed Linux vulnerability (CVE-2026-31431), sometimes referred to as “Copy Fail,” affects certain Linux distributions and may allow a local, unprivileged user to escalate privileges under specific conditions. This issue has been classified as high severity.

Status Our security and operations teams have completed an assessment of our infrastructure and have applied all relevant vendor patches and mitigations to affected systems.

Impact No evidence of exploitation has been identified within our environment Systems under our management have been patched or otherwise mitigated

Customer Guidance Customers managing their own systems or using unmanaged services should ensure they have applied the latest security updates provided by their Linux distribution and review any related vendor advisories.

We will continue monitoring this vulnerability and will provide updates if new information becomes available.

Identified: A recently disclosed Linux vulnerability (CVE-2026-31431), sometimes referred to as “Copy Fail,” affects certain Linux distributions and may allow a local, unprivileged user to escalate privileges under specific conditions. This issue has been classified as high severity.

Status Our security and operations teams have completed an assessment of our infrastructure and have applied all relevant vendor patches and mitigations to affected systems.

Impact No evidence of exploitation has been identified within our environment Systems under our management have been patched or otherwise mitigated

Customer Guidance Customers managing their own systems or using unmanaged services should ensure they have applied the latest security updates provided by their Linux distribution and review any related vendor advisories.

We will continue monitoring this vulnerability and will provide updates if new information becomes available.

Identified: A recently disclosed Linux vulnerability (CVE-2026-31431), sometimes referred to as “Copy Fail,” affects certain Linux distributions and may allow a local, unprivileged user to escalate privileges under specific conditions. This issue has been classified as high severity.

Status Our security and operations teams have completed an assessment of our infrastructure and have applied all relevant vendor patches and mitigations to affected systems.

Impact No evidence of exploitation has been identified within our environment Systems under our management have been patched or otherwise mitigated

Customer Guidance Customers managing their own systems or using unmanaged services should ensure they have applied the latest security updates provided by their Linux distribution and review any related vendor advisories.

We will continue monitoring this vulnerability and will provide updates if new information becomes available.

Identified: While our teams continue to advance remediation efforts following the cPanel vulnerability (CVE-2026-41940), significant progress has been made in restoring essential systems. We are diligently addressing the remaining requests and follow-up actions; however, please be aware that response times may remain extended. Your continued patience is greatly appreciated as we work through this process.

Live Chat Support will begin to be available once again starting today, operating with partial staff.

To ensure efficient support and allow our teams to focus on active recovery:

• Please use live chat only for new, non-CVE issues.
• Live chat staff are currently unable to provide status updates on existing restore work.
• If you are awaiting a server restore, or need assistance throughout the restore process, please request an update within your existing support ticket.

We sincerely appreciate your continued patience, understanding, and cooperation as we work to fully complete these efforts and restore normal support operations.

Identified: Our teams continue to work diligently through elevated support volume related to the recent cPanel vulnerability and the associated remediation efforts.

We are making strong progress in reviewing and resolving the cases associated with this incident, while continuing patching and security mitigation activities across affected environments. Our teams are also actively working through the remaining systems requiring additional remediation or upgrade planning.

To allow our staff to remain focused on active recovery efforts and customer assistance, support chat will remain temporarily unavailable at this time. Customers with existing support cases are kindly encouraged to continue communication through their open ticket rather than submitting duplicate requests, as this helps us respond to all customers as efficiently as possible.

Although overall ticket volume has improved, response times may still be longer than usual while we continue working through the remaining requests and follow-up actions.

We are still working diligently on restoring servers where compromises were evident. During this time public access to those servers may be limited or removed. If you feel your server may be blocked un-necessarily, please reach out to our support team to have them review that.

We sincerely appreciate your continued patience, understanding, and cooperation as we work to fully complete these efforts and restore normal support operations.

If you have questions or need assistance, please contact Support.

Identified: We continue to work through securing and patching services due to the recent cPanel vulnerability. Chat Support will remain temporarily unavailable as we continue to work through patching affected servers.

If you have an active case, please try to avoid opening duplicate cases by keeping all communication to the open thread. Our Support team is working hard to respond to all active cases.

Thank you for your continued patience while we work through this.

Identified: We are diligently working through an elevated ticket volume related to the recent cPanel vulnerability. Chat will remain temporarily unavailable during this time.

During this time our responses may be delayed. If you already have a ticket open, please avoid submitting duplicate requests, as this can increase overall volume and delay progress.

Thank you for your continued patience while we work through this.

Identified: Update: Support through chat remains temporarily unavailable while our teams continue working through elevated ticket volume related to the recent cPanel vulnerability.

Our teams are actively reviewing and responding to open tickets as quickly as possible. While progress has been made, response times may still be longer than usual. If you already have a ticket open, please avoid submitting duplicate requests, as this can increase overall volume and delay responses.

We will continue to monitor volumes and restore chat support once conditions allow.

Thank you for your continued patience while we work through these requests.

Identified: Support chat is temporarily unavailable while our support team focuses on responding to the backlog of tickets related to the recent cPanel vulnerability.

Our teams are working as quickly as possible to review and respond to open tickets. If you already have a ticket open, please avoid submitting duplicate tickets, as this can increase overall support volume and slow our ability to respond to impacted customers.

cPanel security patches have been deployed across eligible servers, and network restrictions have been removed. For servers not eligible for the patch, additional protections are in place that may limit access to certain cPanel services.

Thank you for your patience while we continue working through these requests.

Identified: cPanel patches have been deployed across all eligible servers.

For a subset of systems running versions that cannot be updated, additional security protections are being implemented to allow continued access to cPanel services while maintaining necessary safeguards.

To ensure ongoing protection, cPanel service ports will remain restricted on these systems. Customers who prefer to fully restore standard access will need to update to a supported version of cPanel.

Our team will be reaching out with guidance on available options. If you have questions or need assistance, please contact Support.

Identified: cPanel patches have been deployed across all eligible servers. As mitigation measures are now in place for the majority of systems, we have lifted the temporary network-level blocks that were implemented to prevent unauthorized access.

For servers ineligible for the patch, we are applying temporary protections at the server level using CSF. As part of this step, CSF rules are being implemented to restrict access to the affected ports. This approach allows access to be controlled by whitelisting trusted client IP addresses while maintaining appropriate security protections.

We strongly recommend that all customers update to the latest version of cPanel & WHM as soon as possible to ensure full protection against this vulnerability. For servers not eligible for the patch, we will be reaching out shortly with guidance on what options are available to secure your environment.

We will continue to closely monitor the situation and take any additional steps necessary to maintain system security and stability. If you need assistance with updating cPanel or have any concerns, please contact our Support team.

Identified: The cPanel patch remains deployed across eligible systems, and network-level firewall restrictions for cPanel, WHM, webmail, and web disk ports are still in place at this time.

Our team is reconvening this morning to review overall progress, evaluate any remaining update exceptions, and determine the appropriate timing for safely removing these access restrictions.

We will provide additional updates as soon as more information becomes available.

We appreciate your continued patience as we work toward restoring full access. If you have any issues in the meantime, please contact our support team for assistance.

Identified: Update: cPanel patch implemented.

We have deployed cPanel’s latest patch across eligible servers.

cPanel versions: TIER 11.110 WAS: 11.110.0.96 NOW: 11.110.0.97 TIER 11.118 WAS: 11.118.0.61 NOW: 11.118.0.63 TIER 11.126 WAS: 11.126.0.53 NOW: 11.126.0.54 TIER 11.132 WAS: 11.132.0.27 NOW: 11.132.0.29 TIER 11.134 WAS: 11.134.0.19 NOW: 11.134.0.20 TIER 11.136 WAS: 11.136.0.4. NOW: 11.136.0.5

We are currently evaluating servers that failed to update (or had pre-existing update blockers), and we will be sending further updates as soon as more information is available. Network-level firewall blocks for cPanel, WHM, webmail, and webdisk ports remain in place at this time.

We appreciate your continued patience as we complete these actions to restore full service. If you have any questions in the meantime, please contact us for assistance.

Identified: Update: cPanel Patch Deployment Underway

cPanel has released a patch to address the authentication vulnerability that was identified today. Our engineers are currently working on deploying this patch across eligible cPanel services.

Once the patch is successfully applied, we will take the following actions: Remove the network-level firewall blocks: cPanel: 2082 / 2083 WHM: 2086 / 2087 Webmail: 2095 / 2096 Web Disk: 2077 / 2078

More information from cPanel is available here: https://support.cpanel.net/hc/en-us/articles/40073787579671-Critical-Vulnerability-with-cPanel-WHM-Login-Authentication

We appreciate your continued patience as we complete these actions to restore full service. If you have any questions in the meantime, please contact us for assistance.

Investigating: cPanel has disclosed that the additional cPanel-provided services Webmail and Web Disk are impacted by this vulnerability.

Out of an abundance of caution, and based on cPanel’s current recommendation, we are implementing temporary protective changes on servers hosted on our network.

Temporary changes being implemented: -Blocking access to ports related to cPanel services: WHM: 2082 / 2083 cPanel: 2086 / 2087 Webmail: 2096 / 2097 Web Disk: 2077 / 2078

-Temporarily disabling cpsrvd, which is the web wrapper for cPanel web services.As a result, cPanel, WHM, Webmail, Web Disk, and related cPanel services will be inaccessible, including over Cloud VPN connections.

These changes do not impact websites, email delivery, databases, or Apache functionality.

Customers who normally access email through Webmail can still access email by using a mail client. Setup instructions are available here: https://www.liquidweb.com/help-docs/email/mail-clients/setup-an-email-client/

These temporary restrictions will be reverted as soon as cPanel releases a patch addressing the critical vulnerabilities.

Additional information from cPanel is available here: https://support.cpanel.net/hc/en-us/articles/40073787579671-Critical-Vulnerability-with-cPanel-WHM-Login-Authentication

If you have further questions or need assistance, please contact our Support team.

Investigating: A brief configuration issue in our Ashburn (NTT) data center caused an un-intended disruption to outbound network traffic. Customers with servers in this location may have experienced intermittent connectivity or downtime lasting approximately 10 minutes. Our team quickly identified and corrected the issue. All services have since been restored and are functioning normally.

We continue to restrict access to cPanel/WHM interfaces on ports 2082, 2083, 2086, and 2087 across our data centers until a patch is released by cPanel.

If you need assistance with any cPanel/WHM items please reach out to support through live chat or a ticket.

We will provide additional updates to this status page as more information is made available.

Investigating: We are actively responding to a critical vulnerability affecting all versions of cPanel & WHM. This vulnerability impacts the authentication process and could allow unauthorized access if left unmitigated.

More information from cPanel is available here: https://support.cpanel.net/hc/en-us/articles/40073787579671-Critical-Vulnerability-with-cPanel-WHM-Login-Authentication

Our team is working alongside vendor guidance and implementing proactive safeguards to protect environments. As an immediate precaution, we have temporarily restricted access to cPanel/WHM interfaces on the following ports 2082, 2083, 2086, and 2087. Restricted access will remain in place until a patch is developed and deployed. This action is being taken to prevent potential unauthorized access while a permanent fix is finalized.

Impact: -Restricting access to cPanel/WHM Ports via a network firewall block. During this time customers will not be able to login to either WHM or cPanel unless they use a Cloud VPN Connection. -No impact to hosted websites, applications, email or services.

We are closely monitoring the official patch release from cPanel and will deploy it as quickly as possible. Once mitigations are no longer required, normal access will be restored.

Until a patch is released by cPanel customers will need to utilize a Cloud VPN connection to access WHM or cPanel, or reach out to support via live chat or ticket for assistance WHM or cPanel assistance. Instructions on how to create a Cloud VPN user can be found here: https://www.liquidweb.com/help-docs/portal/account/account-security/setting-up-your-cloud-vpn/

If you require access to cPanel and WHM please feel free to reach out to us via chat or open up a support ticket with your request and we will be happy to assist you.

No additional action is required at this time. We will provide additional updates to this status page as more information is made available.

Identified: A recently disclosed vulnerability (CVE-2026-48172) in the LiteSpeed user-end cPanel plugin allows an unprivileged user to escalate to root privileges in plugin versions between v2.3 and v2.4.4. This issue has been classified as high severity. Public reports suggest the vulnerability was being exploited in the wild in May 2026, and indicators of compromise have been published. On May 19th cPanel issued a separate update which disabled and removed the plugin. This vulnerability is patched in v2.4.7 of the user-end plugin and v5.3.1.0 of the WHM plugin (which bundles the user-end plugin).

Reference: https://nvd.nist.gov/vuln/detail/CVE-2026-48172 https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/ https://support.cpanel.net/hc/en-us/articles/40599423437079-Security-LiteSpeed-plugin-automatically-removed-during-nightly-update-May-19-2026

Status Our security and operations teams are completing an assessment of our infrastructure and will force a upcp update today for all systems we are able to reach. We plan to review for Indicators of Compromise following the updates.

Customer Guidance Customers managing their own systems or using unmanaged services should ensure they have applied the latest security updates or have removed the plugin. Customers should also review their systems for indicators of compromise using the information provided in the LiteSpeed blog article.

Should you need any assistance or have any questions or concerns, you can reach us through the following channels:

Live Chat via the Customer Portal: https://my.liquidweb.com Email: [email protected]

We will continue monitoring this vulnerability and will provide updates if new information becomes available.

Resolved: This incident has been resolved.

Monitoring: Access to the portal through login.liquidweb.com has been restored, and the site is now loading successfully. Our teams have implemented a fix and are continuing to monitor the service to ensure stability.

We will provide additional updates if any further issues are identified.

Thank you for your patience while we worked to restore access.

Investigating: We are continuing to investigate the issue impacting access to the portal through login.liquidweb.com.

While the site may be loading for some users, our teams are still reviewing the issue and working to confirm full service stability. Updates will be provided as more information becomes available.

Thank you for your patience while we continue working toward a resolution.

Investigating: We are investigating an issue preventing customers from accessing the portal through login.liquidweb.com. Updates are forthcoming as more information becomes available.

Need help? Chat with us or contact Support for assistance.

We appreciate your patience and understanding as we work to restore portal access. Thank you.