Full Report
cPanel security advisory (AV26-437)
Analysis Summary
# Vulnerability: Multiple Vulnerabilities in cPanel, WHM, and WP Squared
## CVE Details
- **CVE ID:** CVE-2026-29201, CVE-2026-29202, CVE-2026-29203
- **CVSS Score:** Not explicitly detailed in the summary advisory (Typically High for cPanel security updates)
- **CWE:** Not specified (Likely includes Input Validation or Access Control flaws)
## Affected Systems
- **Products:** cPanel & WebHost Manager (WHM), WP Squared
- **Versions:**
  - cPanel & WHM versions prior to: 11.136.0.9, 11.134.0.25, 11.132.0.31, 11.130.0.22, 11.126.0.58, 11.124.0.37, 11.118.0.66, 11.110.0.116, 11.110.0.117, 11.102.0.41, 11.94.0.30, 11.86.0.43
  - WP Squared versions prior to: 11.136.1.10
- **Configurations:** Systems running affected versions of the hosting control panel software.
## Vulnerability Description
While the specific technical primitives (e.g., Buffer Overflow, XSS, or SQLi) are not detailed in the high-level Canadian Centre for Cyber Security bulletin, these CVEs represent security flaws within the cPanel/WHM management interface. Historically, such updates address vulnerabilities that could allow unauthorized administrative actions, sensitive data exposure, or remote code execution via the web interfaces.
## Exploitation
- **Status:** Not exploited (No reports of active exploitation in the wild as of the publish date).
- **Complexity:** Not specified (Typically Medium for cPanel updates).
- **Attack Vector:** Network (Web-based management interface).
## Impact
- **Confidentiality:** Potential for sensitive server configuration or user data disclosure.
- **Integrity:** Potential for unauthorized modification of server settings.
- **Availability:** Potential for service disruption depending on the nature of the flaw.
## Remediation
### Patches
Users should update to the following versions or later:
- **cPanel & WHM:** 11.136.0.9, 11.134.0.25, 11.132.0.31, 11.130.0.22, 11.126.0.58, 11.124.0.37, 11.118.0.66, 11.110.0.116, 11.110.0.117, 11.102.0.41, 11.91.0.30, 11.86.0.43
- **WP Squared:** 11.136.1.10
### Workarounds
No specific workarounds were provided. It is recommended to restrict access to WHM/cPanel ports (2082, 2083, 2086, 2087) via firewall to trusted IP addresses only until updates are applied.
## Detection
- **Indicators of Compromise:** Monitor access logs for unusual administrative activity or requests targeting cPanel management ports originating from unknown IP addresses.
- **Detection methods and tools:** Verify version numbers via the WHM dashboard or by running `/usr/local/cpanel/cpanel -V` via CLI.
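
The version check described above can be scripted per release tier. This is an added example, not vendor tooling or part of the advisory: the function names are hypothetical, the `136.0 (build 9)` output form is an assumption about what the CLI may print, and only cPanel & WHM tiers are covered.

```shell
#!/bin/sh
# Added example, not vendor tooling. Fixed builds per release tier, copied from
# the Affected Systems list above. The Remediation list shows 11.91.0.30 where
# this list has 11.94.0.30; confirm that tier against the vendor advisory.
FIXED_BUILDS="11.136.0.9 11.134.0.25 11.132.0.31 11.130.0.22 11.126.0.58
11.124.0.37 11.118.0.66 11.110.0.116 11.110.0.117 11.102.0.41 11.94.0.30
11.86.0.43"

# Normalise to the dotted form the advisory uses (11.TIER.MINOR.BUILD).
# Assumption: the CLI may print "136.0 (build 9)" instead of "11.136.0.9".
normalize_version() {
    v=$(printf '%s' "$1" | sed -E 's/ *\(build ([0-9]+)\)/.\1/; s/[[:space:]]//g')
    case "$v" in
        *.*.*.*) ;;
        *.*.*) v="11.$v" ;;
    esac
    printf '%s\n' "$v" | grep -Eq '^[0-9]+(\.[0-9]+){3}$' || return 1
    printf '%s\n' "$v"
}

# Returns 0 = at or above the fixed build, 1 = below it, 2 = cannot decide.
check_cpanel_version() {
    installed=$(normalize_version "$1") || { echo "UNKNOWN: cannot parse '$1'"; return 2; }
    tier=${installed%.*}
    required=""
    for fixed in $FIXED_BUILDS; do
        # Tier 11.110 is listed with two builds; assume the higher one is required.
        if [ "${fixed%.*}" = "$tier" ] && [ "${fixed##*.}" -gt "${required:-0}" ]; then
            required=${fixed##*.}
        fi
    done
    if [ -z "$required" ]; then
        echo "UNKNOWN: tier $tier is not in the advisory list; check vendor guidance"
        return 2
    fi
    if [ "${installed##*.}" -ge "$required" ]; then
        echo "OK: $installed >= $tier.$required"
        return 0
    fi
    echo "VULNERABLE: $installed < $tier.$required, update required"
    return 1
}

# On a cPanel host, check the installed build; elsewhere this is skipped.
if [ -x /usr/local/cpanel/cpanel ]; then
    check_cpanel_version "$(/usr/local/cpanel/cpanel -V)"
fi
```

The exit status (0, 1 or 2) lets a monitoring job or fleet inventory script flag hosts that are below the fixed build or on a tier the advisory does not list.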
## References
- **Vendor Advisories:**
  - hxxps[://]support[.]cpanel[.]net/hc/en-us/articles/40311033698327-Security-CVE-2026-29201
  - hxxps[://]support[.]cpanel[.]net/hc/en-us/articles/40311426610327-Security-CVE-2026-29202
  - hxxps[://]support[.]cpanel[.]net/hc/en-us/articles/40311543760407-Security-CVE-2026-29203
- **Canadian Centre for Cyber Security Advisory:**
  - hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/cpanel-security-advisory-av26-437