CyberPanel Vulnerabilities: PQ.Hosting on Guard for Security!

We strive to keep you informed about the latest news concerning the security of your server so that you can respond timely to potential threats.

On October 28, 2024, a critical vulnerability was discovered in the CyberPanel control panel. This is a root-level RCE (Remote Code Execution) vulnerability that allows attackers to execute arbitrary code on the server without needing authentication. The discovery of the vulnerability is attributed to a researcher known by the pseudonym DreyAnd, who detailed the issue in his blog on Twitter.

What has been the impact?

Primarily, users have suffered—with preliminary estimates indicating that nearly 200,000 sites are already non-operational, and thousands of servers have been hacked and encrypted. The issue arose as part of the standard installation of CyberPanel on servers of some VPS providers and was sponsored by Freshworks. The researcher attempted to find vulnerabilities by examining the system from various angles, which ultimately led to the discovery of a critical vulnerability in version 2.3.6.

The PQ.Hosting team does not stand aside, as the security of our clients and their data is our top priority.

The setup and restoration of stable operation require specific skills and knowledge, which is why PQ.Hosting strongly recommends contacting the official representatives on the CyberPanel website if you have any questions. For more details about the issue and what the developers recommend, read their blog via the link provided.

At PQ.Hosting, we take security seriously and guarantee that we will continue to inform you about all important changes that may impact your operational activities. Stay vigilant and do not ignore recommendations for system updates.