cPanel security advisory (AV26-464)
# Vulnerability: Multiple Vulnerabilities in cPanel & WHM (AV26-464)
## CVE Details
- **CVE ID**: Not listed in the summary advisory; the per-release identifiers are published on cPanel's security advisories page (see References)
- **CVSS Score**: Not provided in the summary advisory
- **CWE**: Not specified; the summary does not describe the individual flaws
## Affected Systems
- **Products**: cPanel & WebHost Manager (WHM), WP Squared
- **Versions**:
- cPanel & WHM versions prior to: 11.86.0.44, 11.94.0.31, 11.102.0.42, 11.110.0.118, 11.118.0.67, 11.124.0.38, 11.126.0.59, 11.130.0.23, 11.132.0.32, 11.134.0.26, 11.136.0.10
- WP Squared versions prior to: 11.136.1.12
- **Configurations**: Standard installations of cPanel/WHM on Linux distributions.
## Vulnerability Description
AV26-464 is a roll-up notification: it lists the affected and fixed builds of cPanel & WHM and WP Squared but does not describe the individual flaws, and the summary assigns no CVE, CVSS or CWE. The details of what each build fixes are published in cPanel's own security advisories (see References). The impact assessment below is therefore a general one for a web-hosting control panel that runs with root privileges and manages customer accounts, and it should be reconciled against the vendor's per-release notes.
## Exploitation
- **Status**: No active exploitation reported as of the advisory date
- **Complexity**: Not specified in the summary advisory
- **Attack Vector**: Network. cPanel, WHM and Webmail are served over the network (by default on TCP 2082/2083, 2086/2087 and 2095/2096 respectively), so a flaw in those interfaces is reachable from wherever those ports are exposed
## Impact
- **Confidentiality**: High (Potential access to user data and configurations)
- **Integrity**: High (Potential for unauthorized configuration changes)
- **Availability**: Medium (Potential for service disruption via administrative tools)
## Remediation
### Patches
Update to the following versions or later:
- cPanel & WHM: **11.86.0.44, 11.94.0.31, 11.102.0.42, 11.110.0.118, 11.118.0.67, 11.124.0.38, 11.126.0.59, 11.130.0.23, 11.132.0.32, 11.134.0.26, 11.136.0.10**
- WP Squared: **11.136.1.12**
Servers configured for automatic updates pick these builds up on their next update run. To apply the update immediately, run `/usr/local/cpanel/scripts/upcp` as root (add `--force` to rerun an update that already reports the current build), then confirm the installed build with `cat /usr/local/cpanel/version` and compare it against the fixed build for that branch.
### Workarounds
- No workaround removes the flaws. Until the update is applied, restrict access to the cPanel, WHM and Webmail ports (2082/2083, 2086/2087, 2095/2096) to known administrative and customer source addresses using WHM's Host Access Control or a host firewall, and expose WHM (2086/2087) as narrowly as possible, since it is the interface with root-level control of the server.
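The fixed builds above are per branch, so "version X or later" has to be read within the branch a server is on, and a plain string comparison gets it wrong (it calls 11.110.0.118 older than 11.110.0.96). The following script is an added example, not from the advisory or from cPanel: it reads the installed build from `/usr/local/cpanel/version` (assumed to hold the full build string, e.g. the hypothetical `11.110.0.96`), looks up the fixed build for that branch from the list in this advisory, and reports patched, vulnerable or unknown-branch with a matching exit status so it can be run across a fleet.

```shell
#!/bin/sh
# Added example, not from the advisory or from cPanel: decide whether an
# installed cPanel & WHM build is at or above the fixed build for its branch.
# Assumption: /usr/local/cpanel/version holds the full build string, e.g.
# "11.110.0.96" (hypothetical value); the branch is the second dotted field.

# Fixed builds listed in AV26-464, keyed by branch.
fixed_for_branch() {
    case "$1" in
        86)  echo 11.86.0.44 ;;
        94)  echo 11.94.0.31 ;;
        102) echo 11.102.0.42 ;;
        110) echo 11.110.0.118 ;;
        118) echo 11.118.0.67 ;;
        124) echo 11.124.0.38 ;;
        126) echo 11.126.0.59 ;;
        130) echo 11.130.0.23 ;;
        132) echo 11.132.0.32 ;;
        134) echo 11.134.0.26 ;;
        136) echo 11.136.0.10 ;;
        *)   return 1 ;;
    esac
}

# Field-by-field numeric compare of two dotted versions; prints -1, 0 or 1.
# Missing trailing fields count as 0.
version_cmp() {
    i=1
    while [ "$i" -le 4 ]; do
        fa=$(echo "$1" | cut -d. -f"$i")
        fb=$(echo "$2" | cut -d. -f"$i")
        fa=${fa:-0}; fb=${fb:-0}
        if [ "$fa" -lt "$fb" ]; then printf '%s\n' -1; return; fi
        if [ "$fa" -gt "$fb" ]; then printf '%s\n' 1; return; fi
        i=$((i + 1))
    done
    printf '%s\n' 0
}

# Verdict for one build string: prints patched / vulnerable / unknown-branch
# with exit status 0 / 1 / 2. A branch not in the advisory is reported as
# unknown rather than patched, so unsupported or newer branches stand out.
check_version() {
    branch=$(echo "$1" | cut -d. -f2)
    fixed=$(fixed_for_branch "$branch") || { echo unknown-branch; return 2; }
    if [ "$(version_cmp "$1" "$fixed")" -lt 0 ]; then
        echo vulnerable
        return 1
    fi
    echo patched
}

# Read the host's installed build (path overridable for testing) and check it.
check_host() {
    check_version "$(tr -d '[:space:]' < "${1:-/usr/local/cpanel/version}")"
}

# `sh cpanel_check.sh 11.110.0.96` checks a given build string; with no
# argument the script only defines the functions, so `check_host` can be
# called after sourcing it on the server.
if [ "$#" -gt 0 ]; then
    check_version "$1"
fi
```

Run it on each server (or feed it the output of `cat /usr/local/cpanel/version` collected centrally) and treat anything other than `patched` as an open finding; an `unknown-branch` result on a branch newer than 136 means the list above needs refreshing from the vendor page rather than that the host is safe.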
## Detection
- Review `/usr/local/cpanel/logs/login_log` (cPanel, WHM and Webmail authentication events) and `/usr/local/cpanel/logs/access_log` (every cPanel and WHM request, API calls included) for failed logins, logins from unexpected source addresses, and administrative actions that no operator performed.
- Audit `/usr/local/cpanel/logs/error_log` for repeated failures or unexpected API calls.
- Run WHM's Security Advisor (Home >> Security Center >> Security Advisor) to confirm the installed build is current and to surface the other weak settings it checks.
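As an added example of the login-log review above (not from the advisory or from cPanel), the script below tallies failed logins per source address and singles out the pattern most worth triaging first: a source that fails repeatedly and then succeeds. The sample lines are constructed; the script assumes that, as in those lines, failures carry the text `FAILED LOGIN`, successes `SUCCESS LOGIN`, and the source address is the sixth whitespace-separated field. Check that assumption against a real `/usr/local/cpanel/logs/login_log` before relying on it.

```shell
#!/bin/sh
# Added example, not from the advisory or from cPanel: tally failed cPanel/WHM
# logins per source address and flag sources worth a closer look.
# Assumptions: the real file is /usr/local/cpanel/logs/login_log; failures
# contain "FAILED LOGIN", successes "SUCCESS LOGIN", and the source address
# is the sixth whitespace-separated field, as in this constructed sample.
SAMPLE_LOGIN_LOG='[2024-05-03 10:15:02 +0000] info [whostmgrd] 203.0.113.7 - root "root" - - FAILED LOGIN whostmgrd: user password hash is miss
[2024-05-03 10:15:04 +0000] info [whostmgrd] 203.0.113.7 - root "root" - - FAILED LOGIN whostmgrd: user password hash is miss
[2024-05-03 10:15:06 +0000] info [whostmgrd] 203.0.113.7 - root "root" - - FAILED LOGIN whostmgrd: user password hash is miss
[2024-05-03 10:16:00 +0000] info [cpaneld] 198.51.100.20 - alice "alice" - - SUCCESS LOGIN cpaneld
[2024-05-03 10:17:31 +0000] info [cpaneld] 192.0.2.9 - bob "bob" - - FAILED LOGIN cpaneld: user password hash is miss
[2024-05-03 10:18:12 +0000] info [whostmgrd] 203.0.113.7 - root "root" - - SUCCESS LOGIN whostmgrd'

# Prints "count ip" for every source with at least one failed login,
# highest count first. Reads the log on stdin.
failed_logins_by_ip() {
    awk '/FAILED LOGIN/ { n[$6]++ } END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Prints the sources with at least $1 failed logins (default 3).
flag_sources() {
    failed_logins_by_ip | awk -v t="${1:-3}" '$1 >= t { print $2 }'
}

# Prints sources that failed at least $1 times and then logged in
# successfully: the signature of a guessed or stolen credential.
# Order matters, so this walks the log once rather than reusing the tally.
failed_then_succeeded() {
    awk -v t="${1:-3}" '
        /FAILED LOGIN/ { n[$6]++ }
        /SUCCESS LOGIN/ && n[$6] >= t { print $6 }'
}

# Run both reports against the host's own log; threshold as $1,
# alternate log path as $2.
analyze_host() {
    log="${2:-/usr/local/cpanel/logs/login_log}"
    echo "failed logins by source:"
    failed_logins_by_ip < "$log"
    echo "failed at least ${1:-3} times, then succeeded:"
    failed_then_succeeded "${1:-3}" < "$log"
}
```

On the constructed sample, `flag_sources 3` reports only `203.0.113.7`, and `failed_then_succeeded 3` reports the same address because its fourth event is a successful root login to WHM after three failures; that is the line an on-call engineer should open first, ahead of the single failure from `192.0.2.9`. Source addresses that belong to a shared NAT or a known scanner will dominate the first report, so the threshold is a starting point, not a verdict.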
## References
- cPanel Security Advisories: hxxps[://]support[.]cpanel[.]net/hc/en-us/sections/360007088193-Security
- Canadian Centre for Cyber Security Advisory: hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/cpanel-security-advisory-av26-464