CPanel security patch release for CVE-2026-29201
Security Patch Release
Summary
Hide ▲
Show ▼
cPanel released updates for cPanel and Web Host Manager (WHM) to fix three vulnerabilities that could enable privilege escalation, code execution, or denial-of-service. The bundle includes CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203, covering arbitrary file read, Perl code execution, and unsafe symlink handling. Fixed builds start at 11.136.0.9+ across supported branches, with WP Squared 11.136.1.10+ and 110.0.114 for older CentOS 6 or CloudLinux 6 users. There is no evidence of in-the-wild exploitation of these three flaws, so upgrading is the immediate protection step.
Related Happenings
CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)
Advisory/Mitigation
H score38
First: 16.06.2026 08:41
Last: 16.06.2026 08:41
Sources 1
About this happening:
CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...
CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)
Advisory/MitigationAbout this happening: CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...
SimpleHelp security update for CVE-2026-48558
Security Patch Release
H score65
First: 15.06.2026 23:06
Last: 15.06.2026 23:06
Sources 1
About this happening:
**SimpleHelp** released **5.5.16** and **6.0 RC2** on **June 9** to fix **CVE-2026-48558**, a critical **OIDC** authentication flaw in **SimpleHelp remote management software** th...
SimpleHelp security update for CVE-2026-48558
Security Patch ReleaseAbout this happening: **SimpleHelp** released **5.5.16** and **6.0 RC2** on **June 9** to fix **CVE-2026-48558**, a critical **OIDC** authentication flaw in **SimpleHelp remote management software** th...
Langflow security patch release for CVE-2026-5027
Security Patch Release
H score38
First: 11.06.2026 00:23
Last: 11.06.2026 00:23
Sources 1
About this happening:
**Langflow** shipped fixes for **CVE-2026-5027**, closing a **path traversal** flaw that let attackers write arbitrary files on exposed servers. The patch landed in **langflow-bas...
Langflow security patch release for CVE-2026-5027
Security Patch ReleaseAbout this happening: **Langflow** shipped fixes for **CVE-2026-5027**, closing a **path traversal** flaw that let attackers write arbitrary files on exposed servers. The patch landed in **langflow-bas...
Everest Forms Pro plugin patch for CVE-2026-3300
Security Patch Release
H score43
First: 06.06.2026 17:09
Last: 06.06.2026 17:09
Sources 1
About this happening:
The **Everest Forms developer** released a patch for **CVE-2026-3300** in **Everest Forms Pro** on **March 18**, closing an **unauthenticated arbitrary code execution** flaw affec...
Everest Forms Pro plugin patch for CVE-2026-3300
Security Patch ReleaseAbout this happening: The **Everest Forms developer** released a patch for **CVE-2026-3300** in **Everest Forms Pro** on **March 18**, closing an **unauthenticated arbitrary code execution** flaw affec...
SolarWinds security patch release for CVE-2026-28318
Security Patch Release
H score82
First: 05.06.2026 22:15
Last: 05.06.2026 22:15
Sources 1
About this happening:
SolarWinds released **Serv-U 15.5.4 Hotfix 1** for **CVE-2026-28318**, an **actively exploited** denial-of-service flaw that can crash exposed **Serv-U** servers. The update fixes...
SolarWinds security patch release for CVE-2026-28318
Security Patch ReleaseAbout this happening: SolarWinds released **Serv-U 15.5.4 Hotfix 1** for **CVE-2026-28318**, an **actively exploited** denial-of-service flaw that can crash exposed **Serv-U** servers. The update fixes...
Timeline
-
09.05.2026 10:16 2 articles · 2mo ago
cPanel patches CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203
Mitigation Patch UpdatecPanel released updates for cPanel and Web Host Manager (WHM) to fix CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203, which could allow arbitrary file read, arbitrary Perl code execution, denial-of-service, or possible privilege escalation. Fixed builds start at 11.136.0.9 and higher across supported cPanel and WHM branches, with WP Squared 11.136.1.10 and higher and 110.0.114 for customers still on CentOS 6 or CloudLinux 6. No evidence indicated in-the-wild exploitation of these three flaws.
Show sources
- cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now — thehackernews.com — 09.05.2026 10:16
- cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now — thehackernews.com — 09.05.2026 10:16