Knowledgebase
Web Hosting Email Migrations Plesk Domains
SEARCH
RSS Feed
Latest Updates
May
23
Security Notice: LiteSpeed cPanel Plugin Vulnerability CVE-2026-48172
Posted by Lee Blakely on 23 May 2026 06:21 PM

Published: May 23, 2026

Status: Reviewed and remediated

Client action required: No

Reliable Penguin has completed a review of all managed WHM/cPanel servers in response to the recently disclosed LiteSpeed cPanel plugin vulnerability, tracked as CVE-2026-48172.

This vulnerability affects certain versions of the LiteSpeed User-End cPanel Plugin and may allow privilege escalation on impacted systems. The issue does not affect every WHM/cPanel server, but it is relevant to environments where the affected LiteSpeed cPanel user-end plugin was installed.

As part of our managed security response, Reliable Penguin has:

  • Reviewed all managed WHM/cPanel servers for exposure.
  • Identified whether the affected LiteSpeed cPanel plugin was present.
  • Applied appropriate vendor patches and/or mitigations where needed.
  • Confirmed that no client-side action is required at this time.

LiteSpeed web service functionality is not expected to be impacted by the mitigation steps. Websites using LiteSpeed or LiteSpeed Cache should continue to operate normally.

We will continue monitoring vendor advisories and security updates related to this issue. If any additional action becomes necessary for a managed server, Reliable Penguin will handle it directly or contact affected clients with specific instructions.

For questions, please contact Reliable Penguin Support.

Summary: Reliable Penguin has reviewed all managed WHM/cPanel servers for CVE-2026-48172 and applied appropriate patches and/or mitigations. No client action is necessary at this time.


Read more »


May
21
Drupal Security Release Notice - CVE-2026-9082
Posted by Lee Blakely on 21 May 2026 11:41 AM

Drupal has published SA-CORE-2026-004, a highly critical Drupal core security advisory for a SQL injection vulnerability in Drupal core.

The vulnerability is tracked as CVE-2026-9082 and has been rated Highly critical, 20/25 by the Drupal Security Team. The primary issue affects Drupal sites using PostgreSQL databases. Drupal states that the vulnerability may be exploitable by anonymous users and could allow arbitrary SQL injection, potentially leading to information disclosure, privilege escalation, remote code execution, or other attacks.

Drupal has also included coordinated upstream dependency security updates for Symfony and Twig in the supported Drupal core releases. Because of those dependency updates, Drupal recommends updating even for sites that are not using PostgreSQL.

Reliable Penguin does not perform Drupal application updates. Drupal site owners and administrators should review their own Drupal installations, determine whether their sites are affected, and take appropriate action based on Drupal’s official advisory.

Affected Drupal versions include Drupal core versions from 8.9.0 through versions before 10.4.10, 10.5.x before 10.5.10, 10.6.x before 10.6.9, 11.0.x before 11.1.10, 11.2.x before 11.2.12, and 11.3.x before 11.3.10. Drupal recommends updating to the latest available release for your supported branch.

Site owners should apply updates promptly and review which user roles have permission to update Twig templates, such as through Views or contributed modules.

Read the official Drupal security advisory:
https://www.drupal.org/sa-core-2026-004

For urgent questions, please contact Reliable Penguin support.


Read more »


May
20
Drupal Security Release Notice
Posted by Lee Blakely on 20 May 2026 10:18 AM

Drupal has announced an upcoming highly critical Drupal core security release scheduled for Wednesday, May 20, 2026, between 1:00 PM and 5:00 PM EDT.

Reliable Penguin is monitoring the release window and will review the advisory as soon as Drupal publishes the update. If any hosted or managed Drupal sites are affected, we will prioritize applying the required security updates and mitigation steps.

Drupal has indicated that not all configurations may be affected, but site owners should reserve time during the release window to evaluate and apply updates promptly. Exploit details may become available within hours or days after disclosure.

Read the official Drupal security release notice

For urgent questions, please contact Reliable Penguin support.


Read more »


May
18
Security Notice: Upcoming cPanel & WHM Security Patch — May 20, 2026
Posted by Lee Blakely on 18 May 2026 04:51 PM

Update: May 20, 2026

cPanel has released the security patches for this notice ahead of the originally scheduled release time. The patched builds are now available for affected versions of cPanel & WHM.

This release addresses multiple security issues, including vulnerabilities rated up to High severity. cPanel has identified the following items as addressed in this release:

Minimum Patched Builds

Servers should be updated to the appropriate patched build or later:

TierMinimum Patched Build
11.136 (WP Squared) 11.136.1.16 and higher
11.136 11.136.0.13 and higher
11.134 11.134.0.29 and higher
11.132 11.132.0.35 and higher
11.130 11.130.0.26 and higher
11.126 11.126.0.62 and higher
11.124 11.124.0.41 and higher
11.118 11.118.0.68 and higher
11.110 11.110.0.121 and higher
11.110 (cl6110) 11.110.0.120 and higher
11.102 11.102.0.43 and higher
11.94 11.94.0.32 and higher
11.86 11.86.0.45 and higher

Reliable Penguin Response

Reliable Penguin is applying the available cPanel & WHM security updates across managed client servers. We strongly recommend that any affected servers not managed by Reliable Penguin be updated manually as soon as possible.

For servers managed by Reliable Penguin, no customer action is required unless we contact you directly regarding a maintenance window or special update requirement.

Where a manual update is required, the update can be applied with:

/scripts/upcp

Note for CentOS 6 or CloudLinux 6 systems: cPanel advises updating to the cl6110 branch, version 11.110.0.120, before manually updating.

We will continue monitoring this issue and will take any additional remediation steps as needed.


May 18, 2026

Reliable Penguin has been notified by cPanel that a cPanel & WHM security patch is expected to be released on Wednesday, May 20, 2026 at 8:00 AM Eastern Time.

According to cPanel, this release will address multiple vulnerabilities across several versions of cPanel & WHM, including vulnerabilities rated up to High severity.

cPanel has stated that there are currently no known exploits or proof-of-concept code in the wild. Technical details are expected to be released alongside the patches.

Affected Versions

The following cPanel & WHM versions are expected to be impacted:

  • 86
  • 94
  • 102
  • 110
  • 110 (CL6)
  • 118
  • 124
  • 126
  • 130
  • 132
  • 134
  • 136
  • 136 (WP2)

Reliable Penguin Response

Reliable Penguin is reviewing managed cPanel & WHM servers for affected versions and will apply the security update once it becomes available.

For servers managed by Reliable Penguin, no customer action is required at this time unless we contact you directly regarding a maintenance window or special update requirements.

Next Steps

We will continue monitoring the release and will provide an update once the patch is available and remediation work is underway.


Read more »


May
16
Subscribe To RP News Now!
Posted by Lee Blakely on 16 May 2026 12:42 PM

Reliable Penguin is launching the RP News mailing list, a dedicated way for clients to stay informed about important updates from our team.

We encourage all Reliable Penguin clients to join the list so they can receive timely notices about:

  • Important security updates
  • Operational notices and service-related announcements
  • New Reliable Penguin product offerings
  • Opportunities, events, and other updates from our team

Our goal is to make sure clients have a clear and reliable way to hear about information that may affect their websites, hosting, infrastructure, support, or services with Reliable Penguin.

Why join?

RP News will help you stay ahead of important changes and opportunities. Some updates may be informational, while others may include security or operational details that are important for your organization to review.

By joining the mailing list, you can make sure the right people on your team receive these updates directly.

Who should subscribe?

We recommend that each client organization have at least one primary contact subscribed. Depending on your team, you may also want to include:

  • Website administrators
  • IT or security contacts
  • Operations managers
  • Marketing or communications contacts
  • Anyone responsible for Reliable Penguin services within your organization

Join the RP News list

Please use the signup form below to subscribe to the RP News mailing list and stay informed about Reliable Penguin updates, important notices, new offerings, and opportunities.

If you are unsure who from your organization should be subscribed, please contact Reliable Penguin support and we will be happy to help.


Read more »



View all news