If you run MariaDB on your hosting servers, there's a date worth putting on the calendar: July 6, 2026. That's when MariaDB Community Server 10.6 reaches end of life. After that, the MariaDB project stops shipping releases, bug fixes, and security patches for the 10.6 branch.

Most conversations about the WordPress ecosystem focus on the platform: the block editor, the ongoing builder wars, the plugin marketplace. The agencies running client WordPress sites at scale rarely get that attention. They should.

CloudLinux and WebPros surveyed 210 WordPress agencies and freelancers to find out how they operate: where they run client sites, how they handle security and performance, and what they expect AI to do for them next. Selected insights and the link to the full report are in this post.

The summer paradox in hosting

Most industries treat summer as a slow season. Hosting providers know better.

For decades, the hosting industry operated under a predictable security rhythm. A major local privilege escalation (LPE) kernel vulnerability would emerge perhaps once a year. System administrators would scan the vendor change logs, assess the threat, and schedule a patch window or server reboot when convenient.

That era is officially over.

In a matter of just a few weeks, the industry has suffered a rapid succession of root exploits — Copy fail, Dirty frag, and Fragnesia, to name a few. We are no longer dealing with isolated, seasonal security events. We are living through a continuous barrage where new critical kernel vulnerabilities are surfacing weekly. Based on what I'm seeing, the next three to six months will be extremely intense, and the overall elevated threat environment will persist for roughly a year and a half.

Researcher Asim Manizada disclosed CIFSwitch, a Linux kernel local privilege escalation in the CIFS / SMB client's SPNEGO upcall path. The bug has been latent in the kernel since 2007 and the public proof-of-concept (manizada/CIFSwitch) shipped together with the oss-security disclosure on 2026-05-28. On affected hosts, any unprivileged local user can use it to gain root in a single command. The vulnerability is tracked as CVE-2026-46243.

CloudLinux 9.8 is now generally available. It tracks AlmaLinux OS 9.8 (“Olive Jaguar”) with the upstream 5.14 kernel, refreshed compiler toolchains, and new Python 3.14, MariaDB 11.8, and PostgreSQL 18 versions. The CloudLinux LVE stack, mod_lsapi, and PHP/Python/Node.js Selector packages have been rebuilt against the new kernel.

CloudLinux 10.2 is now generally available. It tracks AlmaLinux OS 10.2 (“Lavender Lion”) with the upstream 6.12 kernel, refreshed compiler toolchains, and new Python 3.14, MariaDB 11.8, and PostgreSQL 18 versions. The CloudLinux LVE stack, mod_lsapi, and PHP/Python/Node.js Selector packages have been rebuilt against the new kernel.

A purpose-built virtual assistant — trained on our own knowledge base — is changing how customers get answers.

On April 29, 2026, a Linux kernel privilege escalation called Copy Fail (CVE-2026-31431) became public on the oss-security mailing list. A short Python script, runnable by any unprivileged user, returned a root shell on most enterprise Linux servers running kernels from 2017 onward.

Researcher Aaron Esau and the V12 Security team disclosed PinTheft, a Linux kernel local privilege escalation that chains an RDS zerocopy reference-count bug with io_uring fixed buffers to overwrite the page cache of a SUID-root binary. A public proof-of-concept is available. Any unprivileged local user on an affected host can use it to gain root.