Emergency Maintenance: Critical Security Update on Virtualization Infrastructure

Scheduled Maintenance Report for dataforest

In progress

Scheduled maintenance is currently in progress. We will provide updates as necessary.
Posted Jul 08, 2026 - 18:30 CEST

Scheduled

A critical security vulnerability known as "Januscape" has been discovered in KVM, the core virtualization technology powering our infrastructure. This flaw potentially affects all virtual servers across our network. Over the past 24 hours, our team has analyzed the threat and developed an immediate mitigation plan.

This is one of the most severe vulnerabilities reported in KVM to date. While there are currently no public exploits available to compromise host systems, we expect this to change imminently. To ensure the absolute safety of all customer data and our infrastructure, immediate action is mandatory.

What we are doing
Over the next 24 hours, our engineers will work in multiple shifts to apply a security patch to all host systems, which requires a reboot of all virtual servers. Due to the extreme urgency of the situation and the massive scale of the infrastructure, it is unfortunately impossible to schedule individual maintenance windows.

Expected impact
- We expect a brief downtime of 5 to 15 minutes per virtual server. If your server is unreachable for more than 15 minutes, please check this status page for updates regarding potential host-specific issues. If there are no known issues listed, please contact our support.
- For unmanaged server customers: Ensure your VM is reboot-safe. Configure critical software to autostart on boot and terminate cleanly upon a shutdown signal from the host. Please understand that we cannot take responsibility for the internal configuration of unmanaged servers.
- For managed, webhosting, and TeamSpeak 3 customers: You do not need to take any action. Our team manages the configuration and safe reboot of your services automatically.
- As part of the security mitigation, we must globally disable nested virtualization (the ability to run a virtual machine inside your virtual server). This is a highly specific feature, and if your workload relies on it, you are likely aware of it. If this affects you, please reach out to our support immediately to discuss a custom solution.

We understand that this situation is unpleasant and challenging, but we must ensure the safety of all customers.

Affected products
This maintenance applies to every type of virtual server in our infrastructure, including:
- Seeds in the dataforest cloud
- Virtualized Avoro products (VPS, Rootserver, Power Rootserver, NVMe vServer, Compute vServer, Cloud Server)
- Every PHP-Friends vServer; both managed and unmanaged
- Our Plesk web hosting systems and TeamSpeak 3 servers (as these are hosted on the same virtualization platform)
Posted Jul 08, 2026 - 17:30 CEST
This scheduled maintenance affects: [Datacenter] maincubes FRA01 (Virtual Servers, Plesk Web Hosting, TeamSpeak3 Servers).