This is the entire web hosting industry. The attack surface is massive and the industry has been so squeezed of costs that patching stuff will take a long time. This exploit will be alive for a long long time.
To its credit, cPanel updates nightly and the developers will push security patches out within hours. I don’t have a box to check but I would imagine a cPanel patch is already live.
