Find notable cyber news and cases, enriched with sources, timelines, and signals.

CPanel security patch release for CVE-2026-29201

Security Patch Release
First reported
Last updated
Happening score
H score 34
1 unique sources, 1 articles

Summary

Hide ▲

cPanel released updates for cPanel and Web Host Manager (WHM) to fix three vulnerabilities that could enable privilege escalation, code execution, or denial-of-service. The bundle includes CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203, covering arbitrary file read, Perl code execution, and unsafe symlink handling. Fixed builds start at 11.136.0.9+ across supported branches, with WP Squared 11.136.1.10+ and 110.0.114 for older CentOS 6 or CloudLinux 6 users. There is no evidence of in-the-wild exploitation of these three flaws, so upgrading is the immediate protection step.

Related Happenings

CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)

Advisory/Mitigation
H score38 First: 16.06.2026 08:41 Last: 16.06.2026 08:41 Sources 1

About this happening: CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...

SimpleHelp security update for CVE-2026-48558

Security Patch Release
H score65 First: 15.06.2026 23:06 Last: 15.06.2026 23:06 Sources 1

About this happening: **SimpleHelp** released **5.5.16** and **6.0 RC2** on **June 9** to fix **CVE-2026-48558**, a critical **OIDC** authentication flaw in **SimpleHelp remote management software** th...

Langflow security patch release for CVE-2026-5027

Security Patch Release
H score38 First: 11.06.2026 00:23 Last: 11.06.2026 00:23 Sources 1

About this happening: **Langflow** shipped fixes for **CVE-2026-5027**, closing a **path traversal** flaw that let attackers write arbitrary files on exposed servers. The patch landed in **langflow-bas...

Everest Forms Pro plugin patch for CVE-2026-3300

Security Patch Release
H score43 First: 06.06.2026 17:09 Last: 06.06.2026 17:09 Sources 1

About this happening: The **Everest Forms developer** released a patch for **CVE-2026-3300** in **Everest Forms Pro** on **March 18**, closing an **unauthenticated arbitrary code execution** flaw affec...

SolarWinds security patch release for CVE-2026-28318

Security Patch Release
H score82 First: 05.06.2026 22:15 Last: 05.06.2026 22:15 Sources 1

About this happening: SolarWinds released **Serv-U 15.5.4 Hotfix 1** for **CVE-2026-28318**, an **actively exploited** denial-of-service flaw that can crash exposed **Serv-U** servers. The update fixes...

Timeline

  1. 09.05.2026 10:16 2 articles · 2mo ago

    cPanel patches CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203

    Mitigation Patch Update

    cPanel released updates for cPanel and Web Host Manager (WHM) to fix CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203, which could allow arbitrary file read, arbitrary Perl code execution, denial-of-service, or possible privilege escalation. Fixed builds start at 11.136.0.9 and higher across supported cPanel and WHM branches, with WP Squared 11.136.1.10 and higher and 110.0.114 for customers still on CentOS 6 or CloudLinux 6. No evidence indicated in-the-wild exploitation of these three flaws.

    Show sources