At the moment it doesn't seem to be.

Within an hour of be advised of, and running the mitigation for DirtyFrag, my upstream provider has blocked all WHM/cPanel/SSH/FTP/SFTP access with a heads-up on:

CVE-2026-29201 CVE-2026-29202 CVE-2026-29203

which look like a repeat of CVE-2026-41940 a week ago.