A critical security vulnerability (CVE-2026-53359) has been discovered in KVM, the virtualization technology we use for all virtual private servers, and for parts of our infrastructure. While there are no public working exploits at this time, we believe the situation will change in the near future. To ensure security and stability, we must intervene as soon as possible.
Starting 12AM EST on 9 July, 2026, we will being applying the security patch to all host hypervisors, which also requires a reboot of all virtual private servers.
We expect a brief downtime of around 15 to 30 minutes per virtual machine. if your server is unreachable for a longer duration, and you don't see any further updates in our status page, please reach out to our support team. Please also ensure that your server is configured to gracefully handle reboots, and restart any necessary services.
Affected Services:
- All virtual private servers
- All bot hosting services
- All database hosts
We will also be sending emails separate for every affected service. We will also share any necessary updates on our status page at https://status.sparkedhost.com/