Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now

The Hacker News by The Hacker News
May 9, 2026
Home Cybersecurity
Share on FacebookShare on Twitter


Ravie LakshmananMay 09, 2026Vulnerability / Web Hosting

cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privilege escalation, code execution, and denial-of-service.

The list of vulnerabilities is as follows –

  • CVE-2026-29201 (CVSS score: 4.3) – An insufficient input validation of the feature file name in the “feature::LOADFEATUREFILE” adminbin call that could result in an arbitrary file read.
  • CVE-2026-29202 (CVSS score: 8.8) – An insufficient input validation of the “plugin” parameter in the “create_user API” call that could result in arbitrary Perl code execution on behalf of the already authenticated account’s system user.
  • CVE-2026-29203 (CVSS score: 8.8) – An unsafe symlink handling vulnerability that allows a user to modify access permissions of an arbitrary file using chmod, resulting in denial-of-service or possible privilege escalation.

The shortcomings have been patched in the following versions –

  • cPanel and WHM –
    • 11.136.0.9 and higher
    • 11.134.0.25 and higher
    • 11.132.0.31 and higher
    • 11.130.0.22 and higher
    • 11.126.0.58 and higher
    • 11.124.0.37 and higher
    • 11.118.0.66 and higher
    • 11.110.0.116 and higher
    • 11.110.0.117 and higher
    • 11.102.0.41 and higher
    • 11.94.0.30 and higher
    • 11.86.0.43 and higher
  • WP Squared –

cPanel has released 110.0.114 as a direct update for customers who are still on CentOS 6 or CloudLinux 6. Users are advised to update to the latest versions for optimal protection.

While there is no evidence that the vulnerabilities have been exploited in the wild, the disclosure comes days after another critical flaw in the product (CVE-2026-41940) has been weaponized by threat actors as a zero-day to deliver Mirai botnet variants and a ransomware strain called Sorry.



Source link

The Hacker News

The Hacker News

Next Post
Hackable Robot Lawn Mower Unlocks a New Nightmare

Hackable Robot Lawn Mower Unlocks a New Nightmare

Recommended.

Nextivity Public Safety DAS Adds Gunshot Detection and Other Advanced AI / IoT Features

Nextivity Public Safety DAS Adds Gunshot Detection and Other Advanced AI / IoT Features

March 17, 2025
Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT

Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT

April 18, 2025

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio