All Reports
App Service: Wake-from-idle env fix
App Service apps with idle-shutdown enabled could lose environment configuration after waking from idle. Resolved 10 May 2026.
Shared Hosting CVE-2026-41940 security review
Following public activity related to CVE-2026-41940 affecting WHM/cPanel environments, WAYSCloud reviewed its shared hosting infrastructure. The review confirmed that relevant systems had already been patched through automated vendor update handling before observed exploitation attempts. No compromise was identified.
Custom-domain DNS verification fix
Internal review found the meil.no custom-domain ownership check could miss valid DNS records due to registrar case normalization. Fixed; no customer impact.
Email security hardening: DNSSEC, DANE, IPv6
WAYSCloud has completed a multi-step hardening of the internal email delivery layer used by the workspace platform, including DNSSEC, DANE/TLSA, and IPv6 support. These changes strengthen protection against tampering, downgrade attacks, and spoofing, and are externally verifiable. This work covered WAYSCloud's own platform mail infrastructure only. Customer-operated mail servers and customer-managed email systems were not in scope and were not affected.
App Platform interface alignment
Inconsistencies between CLI, API, and dashboard behavior were identified and resolved as part of internal validation of the App Platform.
Database service degradation due to storage saturation
A storage saturation event on a database node caused degraded performance and temporary service disruption across multiple platform services. All services have been restored, and safeguards have been implemented to prevent recurrence.
Shared Hosting control panel migration to HestiaCP
WAYSCloud will migrate its Shared Hosting platform to a new control panel based on HestiaCP. This is part of our ongoing move toward open-source technologies across the platform, with no downtime expected for customer websites.
App Platform Deployment Issue
Deployment startup failures were not clearly surfaced in the dashboard, and the plan upgrade flow lacked a direct path. Resolved with improved error visibility.
WAYSCloud Sovereignty Report
Sovereignty architecture overview — platform control boundaries, dependency governance, jurisdictional alignment, and external dependency risk management.
VPS web console access issue and architecture improvement
The VPS web console experienced issues preventing browser-based access to virtual machines. The issue has been resolved with an improved, OS-independent console architecture.
Database snapshot redundancy limitation
Off-site backup replication was temporarily limited within a subset of database infrastructure. Detected by monitoring and resolved.
Dashboard translation inconsistency following deployment
A deployment caused parts of the customer dashboard to display raw translation keys instead of localized text. No data was affected.
Redis provisioning: firewall allowlist not enforced on new instances
Firewall allowlist rules appeared configured but were not enforced at the network level on newly provisioned Redis instances.
Permission Model Conflict During Apache to LiteSpeed Migration
A permission mismatch during Apache-to-LiteSpeed migration caused brief website errors. Rolled back within minutes, now resolved.
Inconsistent tenant context in administrative support mode
The 'view as customer' support mode did not consistently apply tenant context across services, causing mixed data display.
False positive CSAM alert involving test data and external IP
A false positive CSAM alert was triggered by test data in production. Formal review confirmed no real content was involved.
Position on proposed EU CSAR regulation and cloud implications
WAYSCloud's formal position on the proposed EU CSAR regulation and its implications for encryption, sovereignty, and providers.
Historical supplier-related data incident involving controlled recruitment and security documents
This retrospective report documents a historical supplier-related data incident involving Fortified Technologies AS, a cybersecurity supplier engaged by WAYSCloud for security strategy, CSF 2.0-related work and security-related assessments. The incident concerned manual, browser-based downloads from an isolated and access-controlled collaboration workspace that had been established as a security measure. WAYSCloud reported the incident to the Norwegian Data Protection Authority under reference AR644275154, notified affected individuals, removed supplier access and strengthened controls for sensitive collaboration areas.