Microsoft, GitHub and cPanel patched
- Microsoft, GitHub and cPanel each shipped security fixes this week, closing flaws in Entra Agent ID, GitHub Enterprise Server and cPanel logins.
- cPanel said unauthorized logins were occurring and patched all supported branches, while GitHub documented CVE-2026-3854 as remote code execution with push access.
- The fixes hit identity, code hosting and server control planes at once. (support.cpanel.net)

Microsoft, GitHub and cPanel all pushed security fixes this week, spanning cloud identity, self-hosted source code and web-hosting control panels. (learn.microsoft.com) (docs.github.com) (support.cpanel.net)

Microsoft Entra Agent ID is Microsoft’s identity system for artificial intelligence agents, which are software workers that act with their own service principal inside a tenant. Microsoft’s documentation says those agent identities are supposed to run with tighter guardrails than ordinary apps or users. (learn.microsoft.com 1) (learn.microsoft.com 2)

That matters because a service principal is the account an application uses to sign in and request access, much like a badge for software instead of a person. Microsoft says agent identities can receive some Microsoft Entra roles, but many high-privilege directory roles are blocked to keep agents from gaining broad administrative power. (learn.microsoft.com 1) (learn.microsoft.com 2)

Microsoft’s public documentation around Agent ID changed in April 2026, adding role guidance and known-issues notes for the preview service. The available Learn pages do not describe the specific flaw in detail, but they do show Microsoft narrowing management to built-in roles such as Agent ID Administrator and Agent ID Developer. (learn.microsoft.com 1) (learn.microsoft.com 2)

GitHub’s issue is easier to pin down from primary sources. GitHub’s advisory database says CVE-2026-3854 is an improper neutralization bug in GitHub Enterprise Server that lets an attacker with push access to a repository achieve remote code execution on the instance. (github.com)

GitHub’s release notes show the flaw was fixed in supported Enterprise Server trains, and they place it among the April 2026 security patches. The same notes also say GitHub Enterprise Server 3.15 was discontinued on April 9, 2026, so administrators need a current supported branch to keep receiving critical fixes. (docs.github.com)

cPanel’s patch was the most urgent in tone. cPanel said on April 28, 2026 that unauthorized logins were occurring in cPanel and WebHost Manager, and that all currently supported versions were affected by an authentication login exploit. (support.cpanel.net)

The company published patched builds for six version tiers: 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20 and 11.136.0.5. It told customers to run `/scripts/upcp` or `/scripts/upcp --force`, and warned that unsupported servers were likely affected too. (support.cpanel.net) (support.cpanel.net)

For servers that could not be updated immediately, cPanel recommended restricting access to ports 2082, 2083, 2086, 2087, 2095 and 2096, plus 2077 and 2078 if Web Disk was enabled. It also recommended disabling service subdomains because those requests are proxied through Apache and can bypass the firewall. (support.cpanel.net)

Taken together, the fixes landed in three places administrators often treat as separate: identity, developer infrastructure and hosting control panels. This week’s advisories show the same operational rule across all three: stay on supported versions, patch quickly and rotate access where compromise is plausible. (docs.github.com) (support.cpanel.net) (learn.microsoft.com)
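
For administrators checking a fleet against the six patched cPanel builds listed above, the following is an added example (not code from cPanel or from the advisory). The function names, the `unlisted` status label and the sample inventory are assumptions made for illustration; the version strings are expected in the same four-field form the advisory uses.

```shell
# Patched builds per version tier, as listed in the cPanel advisory quoted above.
PATCHED_BUILDS="11.110.0.97 11.118.0.63 11.126.0.54 11.132.0.29 11.134.0.20 11.136.0.5"

# cpanel_patch_status VERSION  (hypothetical helper)
# Prints: patched | vulnerable | unlisted | invalid
# "unlisted" = tier has no patched build in the list; the advisory warns
# that unsupported servers are likely affected too.
cpanel_patch_status() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs    # split: major tier minor build
    [ "$#" -eq 4 ] || { echo invalid; return 0; }
    for _p in $PATCHED_BUILDS; do
        [ "$1.$2" = "${_p%.*.*}" ] || continue    # same tier, e.g. 11.126
        _rest=${_p#*.*.}                          # e.g. 0.54
        _pminor=${_rest%.*}; _pbuild=${_rest#*.}
        # Within a tier, compare minor first, then build, numerically.
        if [ "$3" -gt "$_pminor" ] ||
           { [ "$3" -eq "$_pminor" ] && [ "$4" -ge "$_pbuild" ]; }; then
            echo patched
        else
            echo vulnerable
        fi
        return 0
    done
    echo unlisted
}

# audit_inventory: reads "HOST VERSION" lines on stdin, prints "HOST VERSION STATUS".
audit_inventory() {
    while read -r _host _ver; do
        [ -n "$_host" ] || continue
        echo "$_host $_ver $(cpanel_patch_status "$_ver")"
    done
}

# Constructed sample inventory (hostnames and versions are made up).
audit_inventory <<'EOF'
web01.example.net 11.126.0.54
web02.example.net 11.126.0.53
web03.example.net 11.136.0.12
old01.example.net 11.102.0.35
bad01.example.net unknown
EOF
```

Hosts reported as `vulnerable` or `unlisted` are the ones to update or to place behind the port restrictions described above.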