Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

Iran-Linked MuddyWater Poses as Ransomware Gang to Mask Espionage

June 25, 2026

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

June 24, 2026

Researchers Trick AI Browsers Into Leaking Credentials

June 24, 2026
Facebook X (Twitter) Instagram
Thursday, June 25
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
News

cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now

Team-CWDBy Team-CWDMay 17, 2026No Comments2 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privilege escalation, code execution, and denial-of-service.

The list of vulnerabilities is as follows –

  • CVE-2026-29201 (CVSS score: 4.3) – An insufficient input validation of the feature file name in the “feature::LOADFEATUREFILE” adminbin call that could result in an arbitrary file read.
  • CVE-2026-29202 (CVSS score: 8.8) – An insufficient input validation of the “plugin” parameter in the “create_user API” call that could result in arbitrary Perl code execution on behalf of the already authenticated account’s system user.
  • CVE-2026-29203 (CVSS score: 8.8) – An unsafe symlink handling vulnerability that allows a user to modify access permissions of an arbitrary file using chmod, resulting in denial-of-service or possible privilege escalation.

The shortcomings have been patched in the following versions –

  • cPanel and WHM –
    • 11.136.0.9 and higher
    • 11.134.0.25 and higher
    • 11.132.0.31 and higher
    • 11.130.0.22 and higher
    • 11.126.0.58 and higher
    • 11.124.0.37 and higher
    • 11.118.0.66 and higher
    • 11.110.0.116 and higher
    • 11.110.0.117 and higher
    • 11.102.0.41 and higher
    • 11.94.0.30 and higher
    • 11.86.0.43 and higher
  • WP Squared –

cPanel has released 110.0.114 as a direct update for customers who are still on CentOS 6 or CloudLinux 6. Users are advised to update to the latest versions for optimal protection.

While there is no evidence that the vulnerabilities have been exploited in the wild, the disclosure comes days after another critical flaw in the product (CVE-2026-41940) has been weaponized by threat actors as a zero-day to deliver Mirai botnet variants and a ransomware strain called Sorry.



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleTCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
Next Article Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
Team-CWD
  • Website

Related Posts

News

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

June 24, 2026
News

Researchers Trick AI Browsers Into Leaking Credentials

June 24, 2026
News

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

June 24, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

2025’s most common passwords were as predictable as ever

January 21, 2026

How the always-on generation can level up their cybersecurity game

September 11, 2025

How chatbots can help spread scams

October 14, 2025

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.