Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
AnyDesk Critical 0-Day Vulnerability Lets Attackers Trigger DoS
July 16, 2026
Next.js Launches Monthly Security Releases, Patches 9 Vulnerabilities
July 16, 2026
SonicWall SMA 1000 Zero-Day Actively Exploited
July 16, 2026
Home/CyberSecurity News/Critical cPanel & WHM Vulnerabilities Let Attackers Execute Code, Launch DoS
CyberSecurity News

Critical cPanel & WHM Vulnerabilities Let Attackers Execute Code, Launch DoS

Key Takeaways cPanel & WHM have critical vulnerabilities enabling arbitrary file reads, Perl code injection, and denial-of-service (DoS) attacks. The most severe flaw, CVE-2026-29202, allows...

Emy Elsamnoudy
Emy Elsamnoudy
May 10, 2026 3 Min Read
54 0

Key Takeaways

  • cPanel & WHM have critical vulnerabilities enabling arbitrary file reads, Perl code injection, and denial-of-service (DoS) attacks.
  • The most severe flaw, CVE-2026-29202, allows remote code execution (RCE) via Perl code injection.
  • All active branches of cPanel & WHM are affected, including versions 11.136, 11.134, 11.132, 11.130, 11.126, 11.124, 11.118, 11.110, 11.102, 11.94, and 11.86.
  • Patches were released on May 8, 2026; immediate updates are strongly recommended for all administrators and hosting providers.

Critical Flaws Discovered in cPanel & WHM Exposing Servers to RCE and DoS

cPanel has released urgent security updates to address three critical vulnerabilities in its widely used cPanel & WHM control panel software. These flaws, identified as CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203, were patched on May 8, 2026. They collectively enable attackers to read arbitrary files, inject Perl code for remote execution, and launch denial-of-service attacks, posing a severe risk to hosting environments and server administrators.

Table Of Content

  • Key Takeaways
  • Critical Flaws Discovered in cPanel & WHM Exposing Servers to RCE and DoS
  • CVE-2026-29201: Path Traversal Leading to Arbitrary File Read
  • CVE-2026-29202: Perl Code Injection in User Creation API
  • CVE-2026-29203: Unsafe Symlink Handling and DoS Potential
  • Affected Versions and Patched Releases
  • What You Should Do

This disclosure follows an active exploitation in April of another critical cPanel vulnerability, CVE-2026-41940, which allowed attackers to bypass login mechanisms entirely. The ongoing discovery of severe vulnerabilities underscores the critical need for timely patching and robust security practices among cPanel users.

CVE-2026-29201: Path Traversal Leading to Arbitrary File Read

The first vulnerability, CVE-2026-29201, is a path traversal flaw residing within the feature::LOADFEATUREFILE adminbin call. This component fails to adequately validate the feature file name parameter. An attacker can exploit this by supplying a relative path as an argument, making any file on the server world-readable.

Such a vulnerability can expose highly sensitive system files, including configuration data, user credentials, and private cryptographic keys. Access to these assets can serve as a critical stepping stone for adversaries to deepen their compromise of the system.

CVE-2026-29202: Perl Code Injection in User Creation API

The most critical of the three identified flaws is CVE-2026-29202, a Perl code injection vulnerability. This flaw impacts the create_user API call, specifically through the plugin parameter. Insufficient sanitization of input to this parameter allows an attacker to inject and execute arbitrary Perl code on the server.

Remote Code Execution (RCE) vulnerabilities like this represent the highest level of risk, potentially leading to a complete server takeover. Attackers could exfiltrate sensitive data, deploy malware, or establish persistent backdoors across entire hosted environments.

CVE-2026-29203: Unsafe Symlink Handling and DoS Potential

The third vulnerability, CVE-2026-29203, stems from unsafe symbolic link handling. This allows an authenticated user to modify the permissions of an arbitrary file on the system using chmod. While seemingly less severe, this flaw can be leveraged to disrupt critical system operations, leading to denial-of-service (DoS) conditions.

Furthermore, CVE-2026-29203 could be chained with other vulnerabilities to escalate privileges, potentially granting unauthorized administrative access to an attacker.

Affected Versions and Patched Releases

All three vulnerabilities impact the same range of cPanel & WHM versions. cPanel has issued patches across all actively maintained branches. Administrators must update their installations to one of the following versions or newer:

  • 11.136.0.9
  • 11.134.0.25
  • 11.132.0.31
  • 11.130.0.22
  • 11.126.0.58
  • 11.124.0.37
  • 11.118.0.66
  • 11.110.0.116
  • 11.110.0.117
  • 11.102.0.41
  • 11.94.0.30
  • 11.86.0.43

Users of WP Squared should specifically upgrade to version 11.136.1.10 or higher. For servers running CentOS 6 or CloudLinux 6, a direct update to version 110.0.114 is available by first setting the upgrade tier using the command: sed -i "s/CPANEL=.*/CPANEL=cl6110/g" /etc/cpupdate.conf.

What You Should Do

  • Apply Patches Immediately: Run the forced update script on your cPanel installation: /scripts/upcp --force.
  • Verify Installation: After updating, confirm the installed version using: /usr/local/cpanel/cpanel -V. Ensure it matches one of the patched releases listed above.
  • Review Logs: Scrutinize server logs for any indicators of compromise or exploitation activity, especially given the severity of the Perl code injection vulnerability.
  • Isolate Shared Environments: For hosting providers, be aware that these flaws, particularly the RCE and privilege escalation risks, pose a significant threat to shared hosting environments. Implement additional isolation measures where possible.
  • Stay Updated: Regularly monitor cPanel’s security announcements and apply updates promptly to mitigate future risks.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitMalwarePatchSecurityVulnerability

Share Article

Emy Elsamnoudy

Emy Elsamnoudy

Emy is a cybersecurity analyst and reporter specializing in threat hunting, defense strategies, and industry trends. With expertise in proactive security measures, Emily covers the tools and techniques organizations use to detect and prevent cyber attacks. She is a regular speaker at security conferences and has contributed to industry reports on threat intelligence and security operations. Emily's reporting focuses on helping organizations improve their security posture through practical, actionable insights.

Previous Post

TCLBANKER Malware Spreads via WhatsApp and Outlook Worm Modules

Next Post

ODINI Malware Exploits CPU Emissions to Breach Air-Gapped Computers

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Dutch Police Dismantle €100M Investment Fraud Network, 20 Call Centers Shut Down
July 16, 2026
JetBrains Patches 6 Vulnerabilities in TeamCity, YouTrack, IntelliJ IDEA
July 16, 2026
WhatsApp GhostPairing Flaw Lets Attackers Hijack Accounts
July 16, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Emy Elsamnoudy
Emy Elsamnoudy
Jennifer sherman
Jennifer sherman
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us