Article

Alert: cPanel, WHM, and WP Squared (WP2) Security Updates

cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privilege escalation, code execution, and denial-of-service.

CVE-2026-29203: Unsafe handling of symbolic links allows users to change permissions on arbitrary files, potentially causing denial-of-service or privilege escalation.
CVE-2026-29202: Improper validation of the plugin parameter in the Create User API could enable arbitrary Perl code execution by an authenticated user, posing a serious security risk.
CVE-2026-29201: A weakness in input validation when loading feature files could allow an attacker to read arbitrary files.

Affected Systems:

cPanel and WHM: All supported versions prior to 11.136.0.9, 11.134.0.25, 11.132.0.31, 11.130.0.22, 11.126.0.58, 11.124.0.37, 11.118.0.66, 11.110.0.117, 11.102.0.41, 11.94.0.30, 11.86.0.43.
WP Squared (WP2): versions prior to 11.136.1.11

Security Risks

The successful exploitation of this vulnerability could allow attackers to bypass authentication controls and gain unauthorized administrative access to cPanel and WHM systems without valid credentials.

For more information on this vulnerability and related updates, please refer to official cPanel security advisory.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and system administrators:

Upgrade cPanel and WHM to the latest supported versions to ensure continued access to security patches and technical support.
If patching cannot be applied immediately, restrict access to ports 2083, 2087, 2095, and 2096, or disable cPanel core services (cpsrvd and cpdavd).
For users still on CentOS 6 or CloudLinux 6, they can update to version 11.110.0.116
Ensure valid backups are available before applying updates.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailto rwcsirt@ncsa.gov.rw or call us on 9009.

References

12 May 2026

More updates

04 May 2026

Security Alert: Critical cPanel and WHM Authentication Vulnerability Exploited

A critical vulnerability tracked as CVE-2026-41940 has been identified in cPanel and WHM (WebHost Manager) and related services.

30 April 2026

Security Alert: Nessus Agent for Windows SYSTEM Code Execution Vulnerability

A security vulnerability has been identified in Tenable Nessus Agent for Windows.

30 April 2026

Security Alert: Apple Security Updates – April 2026

Apple has released urgent security updates to address a zero-day vulnerability.

21 April 2026

Security Alert: Fortinet Security Updates - April 2026

Fortinet has released a security update addressing multiple vulnerabilities in its products.

cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privilege escalation, code execution, and denial-of-service.

CVE-2026-29203: Unsafe handling of symbolic links allows users to change permissions on arbitrary files, potentially causing denial-of-service or privilege escalation.

CVE-2026-29202: Improper validation of the plugin parameter in the Create User API could enable arbitrary Perl code execution by an authenticated user, posing a serious security risk.

CVE-2026-29201: A weakness in input validation when loading feature files could allow an attacker to read arbitrary files.

Affected Systems:

cPanel and WHM: All supported versions prior to 11.136.0.9, 11.134.0.25, 11.132.0.31, 11.130.0.22, 11.126.0.58, 11.124.0.37, 11.118.0.66, 11.110.0.117, 11.102.0.41, 11.94.0.30, 11.86.0.43.

WP Squared (WP2): versions prior to 11.136.1.11

Security Risks

The successful exploitation of this vulnerability could allow attackers to bypass authentication controls and gain unauthorized administrative access to cPanel and WHM systems without valid credentials.

For more information on this vulnerability and related updates, please refer to official cPanel security advisory.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and system administrators:

Upgrade cPanel and WHM to the latest supported versions to ensure continued access to security patches and technical support.

If patching cannot be applied immediately, restrict access to ports 2083, 2087, 2095, and 2096, or disable cPanel core services (cpsrvd and cpdavd).

For users still on CentOS 6 or CloudLinux 6, they can update to version 11.110.0.116

Ensure valid backups are available before applying updates.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailto rwcsirt@ncsa.gov.rw or call us on 9009.

References

Security Advisory – cPanel

https://thehackernews.com

https://docs.cpanel.net/release-notes

	info@ncsa.gov.rw
	9009 / 0781813310
	‎+250 791 445 224