Close Menu

    Subscribe to Updates

    Get the latest creative news from infofortech

    What's Hot

    There’s Now An API For Mainlining Trump’s Truth Social Posts

    July 18, 2026

    New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

    July 18, 2026

    Anthropic, Meta reportedly discussing $10B data center leasing deal

    July 18, 2026
    Facebook X (Twitter) Instagram
    InfoForTech
    • Home
    • Latest in Tech
    • Artificial Intelligence
    • Cybersecurity
    • Innovation
    Facebook X (Twitter) Instagram
    InfoForTech
    Home»Cybersecurity»cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
    Cybersecurity

    cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now

    InfoForTechBy InfoForTechMay 9, 2026No Comments2 Mins Read
    Facebook Twitter Pinterest Telegram LinkedIn Tumblr WhatsApp Email
    cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
    Share
    Facebook Twitter LinkedIn Pinterest Telegram Email


    Ravie LakshmananMay 09, 2026Vulnerability / Web Hosting

    cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privilege escalation, code execution, and denial-of-service.

    The list of vulnerabilities is as follows –

    • CVE-2026-29201 (CVSS score: 4.3) – An insufficient input validation of the feature file name in the “feature::LOADFEATUREFILE” adminbin call that could result in an arbitrary file read.
    • CVE-2026-29202 (CVSS score: 8.8) – An insufficient input validation of the “plugin” parameter in the “create_user API” call that could result in arbitrary Perl code execution on behalf of the already authenticated account’s system user.
    • CVE-2026-29203 (CVSS score: 8.8) – An unsafe symlink handling vulnerability that allows a user to modify access permissions of an arbitrary file using chmod, resulting in denial-of-service or possible privilege escalation.

    The shortcomings have been patched in the following versions –

    • cPanel and WHM –
      • 11.136.0.9 and higher
      • 11.134.0.25 and higher
      • 11.132.0.31 and higher
      • 11.130.0.22 and higher
      • 11.126.0.58 and higher
      • 11.124.0.37 and higher
      • 11.118.0.66 and higher
      • 11.110.0.116 and higher
      • 11.110.0.117 and higher
      • 11.102.0.41 and higher
      • 11.94.0.30 and higher
      • 11.86.0.43 and higher
    • WP Squared –

    cPanel has released 110.0.114 as a direct update for customers who are still on CentOS 6 or CloudLinux 6. Users are advised to update to the latest versions for optimal protection.

    While there is no evidence that the vulnerabilities have been exploited in the wild, the disclosure comes days after another critical flaw in the product (CVE-2026-41940) has been weaponized by threat actors as a zero-day to deliver Mirai botnet variants and a ransomware strain called Sorry.

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    InfoForTech
    • Website

    Related Posts

    New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

    July 18, 2026

    2026 Cybersecurity Forecast: Mid-Year Review & H2 Trends

    July 17, 2026

    E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants

    July 17, 2026

    How Can Deception Be Used in OT/ICS Networks?

    July 17, 2026

    Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack

    July 16, 2026

    TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development

    July 16, 2026
    Leave A Reply Cancel Reply

    Advertisement
    Top Posts

    DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

    March 20, 202638 Views

    Microsoft is bringing an AI helper to Xbox consoles

    March 14, 202618 Views

    Why Security Validation Is Becoming Agentic

    March 16, 202616 Views

    This is the tech that makes Volvo’s latest EV a major step forward

    January 24, 202616 Views
    Stay In Touch
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Advertisement
    About Us
    About Us

    Our mission is to deliver clear, reliable, and up-to-date information about the technologies shaping the modern world. We focus on breaking down complex topics into easy-to-understand insights for professionals, enthusiasts, and everyday readers alike.

    We're accepting new partnerships right now.

    Facebook X (Twitter) YouTube
    Most Popular

    DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

    March 20, 202638 Views

    Microsoft is bringing an AI helper to Xbox consoles

    March 14, 202618 Views

    Why Security Validation Is Becoming Agentic

    March 16, 202616 Views
    Categories
    • Artificial Intelligence
    • Cybersecurity
    • Innovation
    • Latest in Tech
    © 2026 All Rights Reserved InfoForTech.
    • Home
    • About Us
    • Contact Us
    • Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.

    Ad Blocker Enabled!
    Ad Blocker Enabled!
    Our website is made possible by displaying online advertisements to our visitors. Please support us by disabling your Ad Blocker.