Hope everyone is doing well. We understand that many users are concerned and reaching out to us. We’re working hard to resolve all issues, and it’s important to share some details with our CyberPanel community to help alleviate any worries.
Explanation of the Issue and Its Resolution
Recently, two security experts contacted us about a code-level vulnerability in CyberPanel. Specifically, we missed a condition in the code that could expose certain server details valuable to hackers.
NOTE: We’re not sharing the exact location of the vulnerability to avoid exposing servers that still need updating.
When the experts informed us about the issue, we immediately reviewed their findings and released a security patch within 30 minutes. If the experts are reading this, they know how swiftly we acted. They later advised us to announce this issue publicly, but we requested to hold off to allow users time to update for security reasons. Though we didn’t initially announce it, a routine update included the security patch.
Unfortunately, the information was revealed on a third-party site, leading to concerns among our users.
NOTE: We’ll share the full details of the vulnerability.
Get exclusive access to all things tech-savvy, and be the first to receive
the latest updates directly in your inbox.
What to Do Now?
There are two scenarios: one for users with SSH access and one for users without it.
- If You Have SSH Access:
Simply update your panel using our update guide. No further action is needed. - If You Don’t Have SSH Access:
This might occur if a server overload due to hacking attempts has caused your provider to block IP or port 22 access. Contact your provider and request they enable port 22. Once they do, update the panel and, if needed, share access with our support team at [email protected].
If no ports are accessible, this usually indicates they are blocked, and your provider can assist in re-enabling them.
Please don’t panic. We’re actively working with everyone who reaches out, but updating your panel yourself will help both you and our team resolve this faster. We’ll be here with 24/7 support until all users are secure.
Helpful Links and Contacts
- Update Guide: https://community.cyberpanel.net/t/02-upgrading-cyberpanel/81
- Support Email: [email protected]
Updated with some solutions:
Quick Fixes for Common Update Issues
If you’re facing challenges with updates, we’ve compiled solutions for three common issues users encounter. Follow the instructions below to resolve each one efficiently.
1. Cron Permission Issue
If you see an error message like the one below, it’s likely due to a permission issue with cron:
Issue Details:
PermissionError: [Errno 1] Operation not permitted: '/var/spool/cron/crontabs/root'Solution:
Run the following command to fix this permission error: this will also help to remove the high CPU issue.
wget -O- https://raw.githubusercontent.com/shbs9/CPupgradebash/refs/heads/main/withusd.sh | bash2. Package Installation Issue on Ala8
For users on Ala8, package installation errors can occasionally occur, specifically with Python packages.
Issue Details:
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-pjuquie_/pynacl/Solution:
To resolve this error, run the following command:
wget -O- https://raw.githubusercontent.com/shbs9/CPupgradebash/refs/heads/main/lamafix.sh | bash3. Package Metadata Issue on Ubuntu
If you’re encountering issues on Ubuntu, this may be related to subprocess errors during metadata generation.
Issue Details:
You may see the following error message:
Encountered error while generating package metadata.
╰─> See above for output.Solution:
To address this, execute the following command:
wget -O- https://raw.githubusercontent.com/shbs9/CPupgradebash/refs/heads/main/ubuntufix.sh | bashSome decrypter found please check if it helps:
https://gist.github.com/gboddin/d78823245b518edd54bfc2301c5f8882
