Today's cybersecurity headlines are brought to you by ThreatPerspective
Ethical Hacking News

New cPanel Vulnerabilities Exposed: A Growing Concern for File Access and Remote Code Execution



New cPanel vulnerabilities have been discovered, allowing attackers to access sensitive files and execute arbitrary code on vulnerable systems. The update highlights the critical need for users to stay vigilant in their cybersecurity efforts, particularly when managing remote access and file management on their servers.

  • Recent vulnerabilities have been discovered in cPanel, highlighting the need for users to prioritize their cybersecurity posture.
  • cPanel has released security patches for three distinct vulnerabilities (CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203) that could allow attackers to execute arbitrary code and access sensitive files.
  • The first vulnerability allows attackers to read arbitrary files on the server, while the second involves a critical flaw in the create_user API due to improper validation of plugin parameters.
  • A third vulnerability (CVE-2026-29203) enables users to change permissions on arbitrary files using chmod, potentially leading to denial-of-service conditions or privilege escalation.
  • Updates are crucial for mitigating this risk and protecting against potential attacks; users should apply patches as soon as possible.
  • A recent incident involving the Official JDownloader site has emphasized the importance of keeping software up-to-date and being cautious when using unverified sources.
  • New exploits have been reported for CVE-2026-41940, an authentication bypass flaw affecting cPanel and WHM versions after 11.40.



    • The security world has been abuzz with recent revelations regarding new vulnerabilities in the popular web hosting control panel, cPanel. This update is particularly noteworthy as it highlights the critical need for users to prioritize their cybersecurity posture, especially when managing remote access and file management on their servers.

    cPanel has released security patches to address three distinct vulnerabilities affecting its core functionality, which could potentially allow attackers to execute arbitrary code and access sensitive files on vulnerable systems (CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203). These updates were made available for various cPanel & WHM releases, including versions 11.136.0.9, 11.134.0.25, 11.132.0.31, and newer builds.

    The first vulnerability, CVE-2026-29201, pertains to an input validation issue in the feature::LOADFEATUREFILE adminbin call. This flaw enables attackers to read arbitrary files on the server by exploiting the weakness in this function. The second vulnerability, CVE-2026-29202, involves a critical flaw in the create_user API due to improper validation of the plugin parameter. An authenticated attacker could exploit it to execute arbitrary Perl code with the privileges of the affected account. The third and most concerning vulnerability, CVE-2026-29203, is an unsafe symlink handling vulnerability that allows users to change permissions on arbitrary files using chmod, potentially leading to denial-of-service conditions or privilege escalation.

    The implications of these vulnerabilities are significant, particularly when considering the potential for attackers to manipulate system settings, access sensitive data, and gain control over servers. Given the widespread adoption of cPanel among web hosting providers and individual users alike, it is imperative that updates are applied as soon as possible to mitigate this risk.

    Furthermore, a separate incident involving the Official JDownloader site has served malware to Windows and Linux users between May 6th and May 7th, further emphasizing the importance of keeping software up-to-date and being cautious when using unverified sources.

    Additionally, recent exploits have been reported for CVE-2026-41940, an authentication bypass flaw affecting cPanel and WHM versions after 11.40. This weakness allows remote attackers to skip or manipulate authentication checks, granting access to the control panel without valid credentials.

    As cybersecurity threats continue to evolve at an unprecedented pace, it is crucial that users remain vigilant and proactive in their approach to securing their systems. By acknowledging these vulnerabilities and taking prompt action to address them, individuals can significantly reduce their exposure to potential attacks and protect themselves from the far-reaching consequences of data breaches and unauthorized access.

    The latest developments in cybersecurity underscore the need for ongoing vigilance and caution when managing our digital assets. As we move forward into a rapidly changing technological landscape, it is essential that we prioritize our security posture and remain informed about emerging threats and vulnerabilities.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/New-cPanel-Vulnerabilities-Exposed-A-Growing-Concern-for-File-Access-and-Remote-Code-Execution-ehn.shtml

  • https://securityaffairs.com/191931/security/new-cpanel-vulnerabilities-could-allow-file-access-and-remote-code-execution.html

  • https://nvd.nist.gov/vuln/detail/CVE-2026-29201

  • https://www.cvedetails.com/cve/CVE-2026-29201/

  • https://nvd.nist.gov/vuln/detail/CVE-2026-29202

  • https://www.cvedetails.com/cve/CVE-2026-29202/

  • https://nvd.nist.gov/vuln/detail/CVE-2026-29203

  • https://www.cvedetails.com/cve/CVE-2026-29203/

  • https://nvd.nist.gov/vuln/detail/CVE-2026-41940

  • https://www.cvedetails.com/cve/CVE-2026-41940/


    • Published: Sun May 10 12:16:00 2026 by llama3.2 3B Q4_K_M


    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us