WHAT ARE YOU LOOKING FOR?

Popular Tags

Raleigh, NC

32°F
Overcast Clouds Humidity: 79%
Wind: 2.35 M/S

CPanel and WHM Updates Resolve Multiple Vulnerabilities — Immediate Patching Advised

Security Hits: 114
CPanel and WHM Updates Resolve Multiple Vulnerabilities — Immediate Patching Advised

CPanel has issued security updates to fix three newly discovered vulnerabilities affecting both cPanel and Web Host Manager (WHM). These flaws, if exploited, could allow attackers to escalate privileges, execute arbitrary code, or cause service disruption.

Vulnerabilities addressed

The security issues patched in this update include:

  • CVE‑2026‑29201 (CVSS 4.3):
    This vulnerability stems from improper validation of the feature file name within the feature LOADFEATUREFILE administrative call. Exploitation could allow an attacker to read arbitrary files from the system.

  • CVE‑2026‑29202 (CVSS 8.8):
    A more critical flaw involving insufficient validation of the plugin parameter in the create_user API. A successfully authenticated attacker could exploit this weakness to execute arbitrary Perl code under the context of the system user associated with the account.

  • CVE‑2026‑29203 (CVSS 8.8):
    This issue relates to unsafe handling of symbolic links (symlinks). By abusing this flaw, an attacker could manipulate file permissions using chmod, potentially causing denial‑of‑service conditions or enabling privilege escalation.

Affected versions and fixes

CPanel has resolved these vulnerabilities across multiple supported releases. The fixes are included in the following versions:

  • cPanel & WHM:

    • 11.136.0.9 and later
    • 11.134.0.25 and later
    • 11.132.0.31 and later
    • 11.130.0.22 and later
    • 11.126.0.58 and later
    • 11.124.0.37 and later
    • 11.118.0.66 and later
    • 11.110.0.116 / 11.110.0.117 and later
    • 11.102.0.41 and later
    • 11.94.0.30 and later
    • 11.86.0.43 and later

  • WP Squared:

    • 11.136.1.10 and later

For systems still running legacy platforms such as CentOS 6 or CloudLinux 6, cPanel has released version 110.0.114 as a direct update path.

Risk and recommendations

At this time, there is no evidence that these vulnerabilities have been actively exploited. However, administrators are strongly encouraged to upgrade to the latest available versions immediately to mitigate potential risks.

The urgency is heightened by recent activity involving CVE‑2026‑41940, another critical cPanel vulnerability that was rapidly weaponized by threat actors. That flaw was leveraged to deploy Mirai botnet variants and a ransomware strain known as Sorry, demonstrating how quickly attackers can adopt newly disclosed issues.


Key takeaway

While exploitation of these specific flaws has not yet been observed, their potential impact particularly those enabling code execution and privilege escalation makes prompt patching essential. Organizations running cPanel/WHM should prioritize updates to maintain a secure environment and reduce exposure to emerging threats.

Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post. 

Back To Top

Cybersecurity Insight delivers timely updates on global cybersecurity developments, including recent system breaches, cyber-attacks, advancements in artificial intelligence (AI), and emerging technology innovations. Our goal is to keep viewers well-informed about the latest trends in technology and system security, and how these changes impact our lives and the broader ecosystem

Please fill the required field.