Web hosting providers and administrators using cPanel and Web Host Manager (WHM) are on high alert following the release of urgent security updates. cPanel has disclosed and patched three new vulnerabilities that, if exploited, could lead to severe consequences including privilege escalation, arbitrary code execution, and denial-of-service attacks. The message is clear: patch your systems without delay.
Understanding the New Threats
These latest security flaws underscore the continuous need for vigilance in server management. Here’s a breakdown of the vulnerabilities addressed:
CVE-2026-29201: Arbitrary File Read (CVSS 4.3)
This vulnerability stems from insufficient input validation of the feature file name within the “feature::LOADFEATUREFILE” adminbin call. An attacker could exploit this flaw to read arbitrary files on the system, potentially exposing sensitive configuration data or user information. While its CVSS score is moderate, the ability to read arbitrary files is a significant stepping stone for more advanced attacks.
CVE-2026-29202: Arbitrary Perl Code Execution (CVSS 8.8)
A critical flaw, this vulnerability arises from inadequate input validation of the “plugin” parameter in the “create_user API” call. Exploitation could allow an authenticated attacker to execute arbitrary Perl code on the system, operating under the privileges of the authenticated account’s system user. This presents a severe risk of system compromise and data manipulation.
CVE-2026-29203: Unsafe Symlink Handling & Privilege Escalation (CVSS 8.8)
This high-severity vulnerability involves unsafe symlink handling, enabling a user to modify access permissions of arbitrary files using the chmod command. The consequences are dire, ranging from denial-of-service by rendering critical files inaccessible to potential privilege escalation, giving attackers elevated control over the server.
Mandatory Updates: Which Versions Are Affected?
cPanel has promptly released patches to address these critical issues. Users are strongly advised to update to the following versions or higher to ensure optimal protection:
- cPanel and WHM: 11.136.0.9+, 11.134.0.25+, 11.132.0.31+, 11.130.0.22+, 11.126.0.58+, 11.124.0.37+, 11.118.0.66+, 11.110.0.116+, 11.110.0.117+, 11.102.0.41+, 11.94.0.30+, 11.86.0.43+
- WP Squared: 11.136.1.10+
For customers still operating on legacy systems like CentOS 6 or CloudLinux 6, cPanel has provided a direct update: version 110.0.114. Regardless of your current setup, verifying and applying the latest available patches is paramount.
The Urgency Amplified: Recent Zero-Day Exploitation
While there is currently no evidence of these specific vulnerabilities being exploited in the wild, the timing of this disclosure is particularly concerning. It comes just days after a separate critical flaw in cPanel (CVE-2026-41940) was actively weaponized as a zero-day by threat actors. This previous vulnerability was leveraged to deploy Mirai botnet variants and a dangerous ransomware strain known as ‘Sorry’. This recent history highlights the aggressive nature of cybercriminals targeting popular web hosting platforms and underscores the imperative for immediate patching.
Act Now to Secure Your Infrastructure
The security of your cPanel and WHM environments directly impacts the integrity and availability of your hosted websites and applications. Proactive patching is the most effective defense against these newly identified threats. Do not delay – update your systems today to safeguard against potential attacks.
For more details, visit our website.
Source: Link
Leave a comment