
Important security update for cPanel/WHM servers running Exim mail service

⚠️ Vulnerability Overview

Multiple security vulnerabilities have been discovered in Exim affecting versions prior to 4.99.2.

  • CVE-2026-40684
  • CVE-2026-40685
  • CVE-2026-40686
  • CVE-2026-40687

📌 What is Exim?

Exim is a widely used Mail Transfer Agent (MTA) responsible for handling email delivery on Linux servers. It is the default mail server in cPanel/WHM environments, making it a critical component of hosting infrastructure.

🚨 Why This Matters

These vulnerabilities may allow attackers to exploit mail services and potentially:

  • Execute unauthorized actions
  • Disrupt email services (DoS)
  • Bypass security controls
  • Abuse your server for spam or malicious activity

✅ Official Fix Released

cPanel has released a patched version, Exim 4.99.2, that resolves all of the CVEs listed above.

This fix is included in the following cPanel & WHM versions:

  • 136.0.7
  • 134.0.23
  • 118.0.64
  • 110.0.112

🔧 How to Fix

To secure your server, update your cPanel/WHM installation:

/scripts/upcp --force

Restart the Exim service after the update:

systemctl restart exim

Verify the installed version:

exim -bV

Expected: Exim 4.99.2 or later
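
The verification step above as a script, for checking more than one server. This is an added example, not part of the original advisory or of cPanel's tooling: it parses the first line of `exim -bV`, compares it numerically against 4.99.2, and maps a cPanel & WHM version to the fixed builds listed above. The function names are hypothetical, and reading `/usr/local/cpanel/version` with a leading `11.` prefix is an assumption.

```shell
#!/bin/sh
# Added example (constructed): check a host against the versions in this advisory.

# Return 0 if dotted numeric version $1 >= $2; missing fields count as 0,
# and fields compare as numbers, so 4.100 > 4.99.2 and 110.0.112 > 110.0.99.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Read `exim -bV` output on stdin and print the version from its first line.
exim_version() {
    sed -n '1s/^Exim version \([0-9][0-9.]*\).*/\1/p'
}

# Map a cPanel & WHM version to the fixed build of its branch (list from this
# advisory). Assumption: input may carry the "11." prefix used in
# /usr/local/cpanel/version. Prints patched, needs-update, or unlisted.
cpanel_status() {
    v=${1#11.}
    case $v in
        136.0.*) fixed=136.0.7 ;;
        134.0.*) fixed=134.0.23 ;;
        118.0.*) fixed=118.0.64 ;;
        110.0.*) fixed=110.0.112 ;;
        *) echo unlisted; return 0 ;;
    esac
    if version_ge "$v" "$fixed"; then echo patched; else echo needs-update; fi
}

# Live check; skipped on machines without exim.
if command -v exim >/dev/null 2>&1; then
    ev=$(exim -bV 2>/dev/null | exim_version)
    if [ -n "$ev" ] && version_ge "$ev" 4.99.2; then
        echo "Exim $ev: OK"
    else
        echo "Exim ${ev:-unknown}: update required"
    fi
    if [ -r /usr/local/cpanel/version ]; then
        echo "cPanel: $(cpanel_status "$(cat /usr/local/cpanel/version)")"
    fi
fi
```

A result of `unlisted` means the branch is not among the four fixed versions named in this advisory, so the Exim version check is the one to rely on for that server.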

📄 cPanel Change Log

Fixed CPANEL-53011: Updated Exim to 4.99.2 addressing all listed vulnerabilities.

⚠️ Important: If your server is running an older version of Exim, it may be vulnerable to exploitation. Immediate update is strongly recommended.