Identified
On May 12th, a critical security vulnerability affecting WHMCS authorization checks within the Client Area was identified by the vendor. This issue impacts WHMCS versions 7.4 and later, and may expose servers to unauthorized access if left unpatched.
Where possible we have patched, however a small subset of customers have configurations active that prevent us from patching. We have secured these servers; however, this will restrict your access to Client Area and affect manual renewals and account management.
For additional information on the issue, please visit the WHMCS website: https://help.whmcs.com/m/125386/l/2073908-cve-2026-29204?token=_4RH-0s0febHsrNiC8GdPymsqg3_nSdT
Posted May 12th, 2026 6:34 pm EST 
Affected Services
- Account Manager