cPanel & WHM Release Fixes for Three New Vulnerabilities — Patch Now

Summary

cPanel, Inc. has released security updates for its cPanel and Web Host Manager (WHM) platforms to address three newly disclosed vulnerabilities. Hosting providers, managed service providers, and IT administrators running cPanel/WHM installations are strongly urged to apply the patches immediately, as these flaws span the range from denial-of-service to full code execution.

Vulnerabilities Fixed

CVE-2026-29201 — Input Validation Bypass (CVSS 4.3)

The first vulnerability involves insufficient input validation in a cPanel component. While rated at a moderate CVSS score of 4.3, this type of flaw can serve as a stepping stone for more complex attack chains or be used to manipulate application behavior in ways not intended by the vendor.

• Type: Insufficient input validation
• CVSS Score: 4.3 (Medium)
• Impact: Potential for data manipulation or logic bypass

Privilege Escalation Flaw

A second vulnerability addressed in this release enables privilege escalation within the cPanel/WHM environment. Attackers with lower-privileged access to the system could exploit this flaw to gain elevated permissions, potentially obtaining administrative access to hosted accounts or the underlying server.

• Type: Privilege escalation
• Impact: Local privilege elevation, potential hosting account compromise

Code Execution Vulnerability

The third issue is the most critical in this batch, allowing arbitrary code execution under certain conditions. This type of vulnerability can be exploited by a malicious actor to run arbitrary commands on the server, which could lead to full server compromise, data theft, or deployment of malware.

• Type: Remote/local code execution
• Impact: Full server compromise potential

Who Is Affected?

All organizations and hosting providers running cPanel & WHM versions prior to the latest patched release are potentially vulnerable. cPanel is one of the world's most widely deployed web hosting control panels, used by millions of shared hosting environments, VPS providers, and managed hosting companies.

Why This Matters

Hosting control panels like cPanel are high-value targets for attackers. A successful exploit against cPanel or WHM can provide access not only to the server itself but to all hosted websites and customer accounts on that server — making these vulnerabilities a force multiplier for attackers targeting hosting infrastructure.

Privilege escalation combined with code execution can allow an attacker to:

• Deploy web shells or backdoors across hosted sites
• Exfiltrate customer databases, emails, and credentials
• Pivot to other systems within the hosting provider's network
• Conduct cryptomining or spam operations using server resources

Recommended Actions

1. Apply updates immediately: Log in to your cPanel license portal and update to the latest stable release. cPanel supports automatic updates — verify this is enabled for your installation.
2. Review system logs: After patching, audit WHM access logs and cPanel error logs for signs of exploitation attempts.
3. Restrict WHM access: Ensure WHM is not exposed publicly. Use IP allowlisting, VPN access, or firewall rules to limit who can reach the WHM interface.
4. Enable two-factor authentication: Require 2FA for all cPanel and WHM logins to reduce the impact of credential compromise.
5. Monitor for anomalous cron jobs: Code execution vulnerabilities are often followed by persistence via cron. Audit all cPanel cron configurations.

References

• The Hacker News — cPanel WHM Patch 3 New Vulnerabilities
• cPanel Security Advisories
• NVD — CVE-2026-29201