This guide is for WHM/cPanel servers running Ubuntu 24.04 LTS. cPanel’s current Ubuntu requirements list Ubuntu 24.04 LTS as the supported Ubuntu version, so do not use this as a generic Ubuntu 20.04 or 22.04 cPanel guide unless your cPanel branch and vendor support contract explicitly say otherwise.
The fix path is simple but has to be done in the right order: update cPanel for CVE-2026-41940, update Ubuntu packages and the kernel for CVE-2026-31431 Copy Fail, reboot, then verify.
Confirm The Server
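```bash
cat /etc/os-release               # distribution and release; expect Ubuntu 24.04 LTS
/usr/local/cpanel/cpanel -V       # installed cPanel version
uname -r                          # kernel currently running
df -h / /boot /usr/local/cpanel   # free space for package and kernel updates
systemctl get-default             # default boot target
```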
cPanel supports AppArmor on Ubuntu and does not require you to disable it. SELinux should not be installed for cPanel on Ubuntu.
Step 1: Patch cPanel And WHM
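```bash
/scripts/upcp --force               # force a cPanel & WHM update run
/usr/local/cpanel/cpanel -V         # confirm the version changed
/scripts/restartsrv_cpsrvd --hard   # hard restart of cpsrvd so the new code is loaded
```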
If the cPanel update fails, do not move on and call the server done. CVE-2026-41940 is in the cPanel software layer, not the Ubuntu kernel.
Step 2: Patch Ubuntu Packages And Kernel
Copy Fail is a kernel issue. cPanel notes that Ubuntu should be patched by updating to the latest kernel. Start with the normal package update flow.
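```bash
apt update
apt list --upgradable                        # review what will change first
DEBIAN_FRONTEND=noninteractive apt upgrade   # suppresses debconf dialogs; apt still asks to confirm
```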
If your server tracks the generic Ubuntu kernel packages, make sure the kernel image and headers are upgraded.
```bash
apt install --only-upgrade linux-image-generic linux-headers-generic
reboot
```
Step 3: Verify After Reboot
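```bash
uname -r                               # kernel running after the reboot
dpkg -l 'linux-image*' | grep '^ii'    # kernel image packages actually installed
/usr/local/cpanel/cpanel -V            # cPanel version after the update
systemctl status cpanel --no-pager
/scripts/restartsrv_cpsrvd --status
```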
If you run a provider-specific kernel, check Ubuntu’s CVE tracker and your provider’s release notes for the exact fixed package. The important part is not just that `apt upgrade` ran. The server must be running a kernel that includes the Copy Fail fix.
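The running-versus-installed comparison from Step 3 can be scripted. The following is an added example, not part of the original guide or of cPanel's tooling: it reports whether the running kernel is the newest installed image of its own flavour, which shows that the reboot took effect but not that the image contains the fix. The function names and the version strings in `SAMPLE_DPKG` are constructed for illustration.

```bash
# Added example: is the running kernel the newest installed image of its flavour?
# SAMPLE_DPKG is constructed `dpkg -l 'linux-image*'` output, not real versions.

SAMPLE_DPKG='ii  linux-image-6.8.0-45-generic   6.8.0-45.45   amd64  Signed kernel image generic
ii  linux-image-6.8.0-101-generic  6.8.0-101.101 amd64  Signed kernel image generic
rc  linux-image-6.8.0-200-generic  6.8.0-200.200 amd64  Signed kernel image generic
ii  linux-image-6.8.0-1015-aws     6.8.0-1015.16 amd64  Signed kernel image aws
ii  linux-image-generic            6.8.0-101.101 amd64  Generic Linux kernel image'

# stdin: dpkg -l output; $1: flavour suffix such as "generic" or "aws".
# Prints the highest fully installed (ii) release of that flavour, or nothing.
newest_installed_kernel() {
    awk -v flavour="$1" '
        $1 == "ii" && $2 ~ /^linux-image-[0-9]/ {
            rel = $2
            sub(/^linux-image-/, "", rel)
            n = length(rel) - length(flavour)
            if (n > 1 && substr(rel, n) == "-" flavour) print rel
        }' | sort -V | tail -n 1
}

# $1: running release (uname -r); stdin: dpkg -l output.
# Prints CURRENT, STALE <newest installed>, or UNKNOWN (no image of this flavour).
kernel_state() {
    ks_running="$1"
    ks_newest="$(newest_installed_kernel "${ks_running##*-}")"
    if [ -z "$ks_newest" ]; then
        echo "UNKNOWN"
    elif [ "$ks_running" = "$ks_newest" ]; then
        echo "CURRENT"
    else
        echo "STALE $ks_newest"
    fi
}

# Live use on the server: pass --live as the first argument.
if [ "${1:-}" = "--live" ]; then
    dpkg -l 'linux-image*' | kernel_state "$(uname -r)"
    if [ -f /var/run/reboot-required ]; then
        echo "reboot-required flag is set"
    fi
fi
```

A `STALE` result means a newer image is installed but the server is still running the old one. `CURRENT` still has to be checked against the fixed version named in Ubuntu's CVE tracker or your provider's release notes.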
Step 4: Run The cPanel IOC Check
For the cPanel authentication bypass, use cPanel’s official indicator-check guidance from the advisory. Review the script before running it and keep the output private for incident response.
- Open the official cPanel advisory.
- Download the current indicator-check script from cPanel.
- Review it locally before use.
- Run it as root during a maintenance or incident-response window.
- Keep findings private and rotate credentials if indicators are found.
Temporary Mitigation If A Kernel Fix Is Not Available
If your vendor has not released a fixed kernel yet, use the vendor advisory or cPanel guidance for temporary mitigation. Test it in a maintenance window first, because kernel-level mitigations can affect VPN, crypto, container, or application workloads. Remove any temporary mitigation after a fixed kernel is installed and verified.
If This Is Ubuntu 22.04
Do not assume a modern cPanel update path exists. cPanel’s current Ubuntu system requirements list Ubuntu 24.04 LTS. If you still have an older Ubuntu cPanel host, treat it as a migration project: build a supported cPanel server, transfer accounts, lower DNS TTLs, and retire the old node.
