Ethical Hacking News
A new vulnerability has been exposed in cPanel and its related products, putting users at risk of privilege escalation, denial-of-service, and code execution. Here's what you need to know about these critical vulnerabilities and how you can protect yourself.
cPanel has been exposed to multiple critical vulnerabilities that could potentially be exploited by malicious actors. CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203 are the three identified vulnerabilities with CVSS scores of 4.3, 8.8, and 8.8 respectively. The vulnerabilities affect cPanel's feature file name input validation, insufficient input validation of the "plugin" parameter in the create_user API call, and unsafe symlink handling vulnerabilities. Updates for these vulnerabilities have been released starting from version 11.136.0.9 and higher, but CentOS 6 or CloudLinux 6 users should update directly to the latest versions available. No evidence of exploitation in the wild has been found yet, but another critical flaw in cPanel (CVE-2026-41940) has already been weaponized by threat actors. Users must proactively monitor the latest information from reputable sources to ensure they are prepared for all eventualities and maintain up-to-date software to protect against threats.
The cybersecurity landscape continues to evolve at an alarming rate, with new vulnerabilities and exploits emerging on a daily basis. Recently, it has come to light that cPanel and its companion product, Web Host Manager (WHM), have been exposed to multiple critical vulnerabilities that could potentially be exploited by malicious actors. In this article, we will delve into the details of these vulnerabilities, their severity, and what steps users can take to protect themselves.
In April 2026, cPanel released updates for its products, addressing three previously unknown vulnerabilities (CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203). These vulnerabilities have been categorized under different categories of threat; however, it is essential to acknowledge that all of them are critical.
The first vulnerability, CVE-2026-29201, has a CVSS score of 4.3. It pertains to the feature file name input validation in the "feature::LOADFEATUREFILE" adminbin call. This vulnerability could potentially lead to an arbitrary file read, as malicious actors can manipulate the feature file name to access sensitive information stored on the server.
The second vulnerability, CVE-2026-29202, has a CVSS score of 8.8 and is related to the insufficient input validation of the "plugin" parameter in the "create_user API" call. This could allow an attacker to execute arbitrary Perl code as the already authenticated account's system user. The severity of this vulnerability cannot be overstated.
The third vulnerability, CVE-2026-29203, also has a CVSS score of 8.8 and pertains to unsafe symlink handling vulnerabilities. It allows an attacker to modify access permissions of any file using chmod, which in turn could lead to denial-of-service or privilege escalation attacks.
cPanel has released updates for these vulnerabilities starting from the version 11.136.0.9 and higher. Users who are still on CentOS 6 or CloudLinux 6 are advised to update directly to the latest versions available.
However, it is worth noting that there is no evidence of these vulnerabilities being exploited in the wild as yet. Nonetheless, this disclosure comes at a time when another critical flaw in cPanel (CVE-2026-41940) has already been weaponized by threat actors to deliver Mirai botnet variants and a ransomware strain called Sorry.
In addition to the updates released for cPanel, other relevant updates need to be noted. The Web application Security Testers (WST) have found that WP Squared version 11.136.1.10 has also addressed these vulnerabilities in its latest release.
It is worth noting that all of these disclosures point towards a broader issue with the way software products are designed and developed, where it seems to be increasingly difficult for even well-intentioned creators to identify potential security issues before their software hits the public domain.
The recent vulnerability in cPanel should serve as a reminder that maintaining up-to-date software is indispensable to protecting against threats. As security threats evolve so rapidly, relying solely on pre-existing updates might not suffice and users must proactively monitor the latest information from reputable sources to ensure they are prepared for all eventualities.
A new vulnerability has been exposed in cPanel and its related products, putting users at risk of privilege escalation, denial-of-service, and code execution. Here's what you need to know about these critical vulnerabilities and how you can protect yourself.
Related Information:
https://www.ethicalhackingnews.com/articles/Threats-Emerge-as-Vulnerabilities-Exposed-in-cPanel-and-Web-Host-Manager-ehn.shtml
https://thehackernews.com/2026/05/cpanel-whm-patch-3-new-vulnerabilities.html
https://docs.cpanel.net/release-notes/release-notes/
https://www.bleepingcomputer.com/news/security/cpanel-whm-emergency-update-fixes-critical-auth-bypass-bug/
https://nvd.nist.gov/vuln/detail/CVE-2026-29201
https://www.cvedetails.com/cve/CVE-2026-29201/
https://nvd.nist.gov/vuln/detail/CVE-2026-29202
https://www.cvedetails.com/cve/CVE-2026-29202/
https://nvd.nist.gov/vuln/detail/CVE-2026-29203
https://www.cvedetails.com/cve/CVE-2026-29203/
https://nvd.nist.gov/vuln/detail/CVE-2026-41940
https://www.cvedetails.com/cve/CVE-2026-41940/
Published: Sat May 9 03:45:07 2026 by llama3.2 3B Q4_K_M
