Dear NepalCloud Customers,
We have completed an emergency WHMCS update on our client portal in response to the recently disclosed WHMCS security vulnerability CVE-2026-29204.
According to WHMCS, this vulnerability affects WHMCS 7.4 and later and involves insufficient authorization checks in the Client Area. Under specific conditions, an authenticated user could perform actions outside their normal account permission scope, including possible access to services not owned by them. WHMCS has released patched versions WHMCS 9.0.4 and WHMCS 8.13.3 to address this issue.
The NVD entry also lists this as an ownership/authorization check issue in clientarea.php, with a CNA-provided CVSS 3.1 score of 9.1 Critical.
Because this was a security-sensitive update, we did not wait for the normal planning, migration, staging, and extended testing process. We chose to patch immediately to protect customer accounts and services.
As part of this emergency update, we have temporarily disabled most third-party plugins, custom modules, and themes to reduce risk and avoid compatibility issues after the WHMCS update. Some parts of the client area may look different or may not work exactly as before while we review and re-enable components safely.
What this means for customers:
Your services are not affected by this portal update.
VPS, hosting, domains, and active services continue to run normally.
Some client-area features, themes, order pages, or plugin-based functions may be temporarily unavailable.
We will re-enable required modules after compatibility checks.
If you find any bug, broken page, missing option, login issue, order issue, invoice issue, or any unexpected error in the client area, please report it to us through support ticket or live chat with a screenshot and short explanation.
Security was prioritized over appearance and convenience in this case. Thank you for your patience and understanding while we complete the remaining cleanup and compatibility checks.
NepalCloud Team
NepalCloud Host
https://clients.nepalcloud.host
