Truehost Cloud Status

Update: Restoration at is at 100.00%

The restoration was completed at around 11:30PM. We're working with customers who may need access to their platform to fix any accessibility issues.

The new host for the restored accounts is das125.truehost.cloud with IP 102.212.247.115

In case of any issues, feel free to reach out to us via Call, WhatsApp, Livechat or Email.

Update: Restoration at is at 78.56%

The restoration is on going. Currently, 78.56% of accounts have been restored successfully.

Restore is expected to end soon. Most accounts are now active

Update: Restoration at is at 46.44%

The restoration is on going. Currently, 46.44% of accounts have been restored successfully.

We will continue to provide updates as we go.

Update: Restoration at is at 30.54%

The restoration is on going. Currently, 30.54% of accounts have been restored successfully. Accounts that are active have been notified.

Restoration in progress

Following our investigation into the CVE-2026-41940 security incident, our team has completed the forensic review of the affected server and has begun restoring verified clean backups to a brand new, fully patched and hardened server. No files affected by this CVE are being carried forward, only verified clean backup data is being restored.

We expect the restoration to be fully complete within 24–36 hours from the time of this update. We will notify you once your services are confirmed back online.

Please be aware that because your hosting account is being migrated to a new server, your hosting IP address will change. If your DNS is managed through us, this will be handled automatically. However, if you manage your own DNS records through an external provider, such as Cloudflare, Vercel, or any other third-party DNS service — you will need to manually update your A records to the new IP address from within your DNS management portal. We will contact you individually with your new IP address once the restoration is completed. For quick status update of an individual accounts' restoration, please don't hesitate to reach out via support@truehost.cloud

If you are unsure whether this applies to you or need help updating your records, please open a support ticket and our team will assist you directly. We appreciate your continued patience.

Truehost Team

Security Incident – Server Taken Offline

We are writing to inform you of a serious security incident affecting server rbx108.treushot.cloud. This server has been taken offline as an immediate precautionary measure following the public disclosure of CVE-2026-41940, a critical zero-day vulnerability in cPanel & WHM.

This vulnerability, rated 9.8 out of 10.0 in severity, allows unauthenticated attackers to bypass authentication and gain full administrative access to affected hosting servers. It impacts all versions of cPanel & WHM after v11.40 and has been confirmed as actively exploited in the wild.

What Happened?

On April 28, 2026, cPanel released an emergency security patch for CVE-2026-41940 after it was discovered that the vulnerability had already been exploited by malicious actors across the internet. Out of an abundance of caution and to protect your data, we immediately took rbx108.treushot.cloud offline upon detection to prevent any further unauthorized access and to begin a thorough investigation.

Impact

All services on rbx108.treushot.cloud are currently offline. Clients hosted on this server are unable to access:

• Websites and web applications

• Email accounts

• Databases

• Files and FTP access

• cPanel control panel

We understand how disruptive this is and sincerely apologize for the inconvenience.

Our team is actively working around the clock to:

1. Investigate the extent of the incident on this server
2. Patch and harden the server environment against CVE-2026-41940
3. Restore client data and services from backups
4. Verify the integrity of all restored data before bringing services back online

Estimated Resolution

We expect the restoration process to be completed within 24–48 hours from the time of this notice. We will post updates here as work progresses and will notify affected clients directly once services are restored.

Need Help?

If you have urgent questions or concerns, please contact our support team via support@truehost.cloud. We are prioritising responses for clients affected by this incident.

We take the security and integrity of your data extremely seriously. Thank you for your patience as we work to resolve this as quickly and safely as possible.

— The Truehost Infrastructure Team

Update

cPanel and Webmail accessibility has been enabled for all users. You can use the normal links to access cPanel or Webmail. eg, if your domain is truehost.com, use the following links:

cPanel: truehost.com/cpanel or cpanel.truehost.com Webmail: truehost.com/webmail or webmail.truehost.com

Reseller WHM access is still not yet activated. We are completing checks and verification on this before activation.

Update on Accessibility

We have been monitoring the situation around CVE-2026-41940 as cPanel continued to provide updates.

After checking, we are more confident the vulnerability has been addressed from our forensic checks.

We are now initiating the process to restore access to cPanel, Webmail and WHM access for resellers. ETA is 1hrs from now.

Emergency Port Block – CVE-2026-41940 (Critical cPanel Vulnerability)

As part of our ongoing response to the critical security vulnerability CVE-2026-41940 affecting cPanel & WHM, we have taken the precautionary step of blocking the following ports across all of our shared hosting servers:

• Port 2083 — cPanel Web Access (HTTPS)

• Port 2082 — cPanel Web Access (HTTP)

• Port 2087 — WHM Access for Resellers (HTTPS)

• Port 2086 — WHM Access for Resellers (HTTP)

• Port 2095 — cPanel Webmail (HTTPS)

• Port 2096 — cPanel Webmail (HTTP)

• Port 1624 — cPanel SSH Access

These ports will remain blocked until we are confident that all servers have been fully patched and verified as secure.

Why We Did This

CVE-2026-41940 is a critical zero-day vulnerability in cPanel & WHM, rated 9.8 out of 10.0 in severity. It allows unauthenticated attackers to completely bypass login authentication and gain full administrative access to hosting servers, putting websites, databases, email accounts, and files at risk.

This vulnerability has been actively exploited in the wild. Blocking these ports immediately is the recommended mitigation measure issued by cPanel themselves while patches are verified across our infrastructure. The security of your data is our top priority.

Affected Services

The following services are temporarily unavailable as a result of this action:

• cPanel control panel (web access)

• cPanel Webmail

• WHM access for resellers

• SSH access via cPanel (port 1624)

All websites, domains, and email delivery continue to function normally. Only administrative access interfaces are affected.

Accessing Your Email in the Meantime

If you use cPanel Webmail to read your email, you will not be able to access it via the web interface while this block is in place. We recommend configuring your email account in a desktop or mobile client such as Microsoft Outlook using the standard IMAP/POP3 and SMTP settings for your domain.

If you need help setting up Outlook or another email client, please contact our support team at support@truehost.cloud and we will assist you.

What We Are Doing?

Our team is working urgently to:

1. Apply and verify the official CVE-2026-41940 patch across all shared hosting servers
2. Audit server logs for any indicators of compromise
3. Restore full access to all affected services as quickly as possible

We will update this notice as soon as ports are cleared to reopen and will notify all clients directly once normal access is restored.

Questions or Urgent Support?

If you have any concerns or require assistance during this period, please reach out to our support team. We are prioritising tickets from affected clients.

Thank you for your understanding as we take these necessary steps to protect your hosting environment.

— The Truehost Infrastructure Team