Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

CPanel security patch release for CVE-2026-29201

Security Patch Release
First reported
Last updated
Happening score
H score 46
1 unique sources, 1 articles

Summary

Hide ▲

cPanel released updates for cPanel and Web Host Manager (WHM) to fix three vulnerabilities that could enable privilege escalation, code execution, or denial-of-service. The bundle includes CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203, covering arbitrary file read, Perl code execution, and unsafe symlink handling. Fixed builds start at 11.136.0.9+ across supported branches, with WP Squared 11.136.1.10+ and 110.0.114 for older CentOS 6 or CloudLinux 6 users. There is no evidence of in-the-wild exploitation of these three flaws, so upgrading is the immediate protection step.

Related Happenings

LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)

Security Patch Release
First: 27.05.2026 13:06 Last: 27.05.2026 13:06 Sources 1

About this happening: LiteSpeed released **urgent security updates** for the **cPanel user-end plugin** after **CVE-2026-48172** was found to be **actively exploited**, reducing exposure for systems ru...

Open Happening

Drupal core security update for CVE-2026-9082

Security Patch Release
First: 22.05.2026 16:14 Last: 22.05.2026 16:14 Sources 1

About this happening: **Drupal** released security updates for **CVE-2026-9082**, a highly critical SQL injection flaw affecting **PostgreSQL**-backed sites, and urged administrators to **upgrade immed...

Open Happening

Ivanti security patch release for CVE-2026-8043

Security Patch Release
First: 18.05.2026 13:54 Last: 18.05.2026 13:54 Sources 1

About this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...

Open Happening

OpenDCIM multi-flaw exploitation wave (CVE-2026-28515, CVE-2026-28516, CVE-2026-28517)

Exploitation Wave
First: 17.05.2026 14:57 Last: 17.05.2026 14:57 Sources 1

About this happening: **openDCIM** is seeing an **active exploitation wave** tied to **CVE-2026-28515**, **CVE-2026-28516**, and **CVE-2026-28517**, with attackers targeting vulnerable installations an...

Open Happening

Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)

Security Patch Release
First: 15.05.2026 18:56 Last: 15.05.2026 18:56 Sources 1

About this happening: **Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...

Open Happening

Timeline

  1. 09.05.2026 10:16 2 articles · 18d ago

    cPanel patches CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203

    Mitigation Patch Update

    cPanel released updates for cPanel and Web Host Manager (WHM) to fix CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203, which could allow arbitrary file read, arbitrary Perl code execution, denial-of-service, or possible privilege escalation. Fixed builds start at 11.136.0.9 and higher across supported cPanel and WHM branches, with WP Squared 11.136.1.10 and higher and 110.0.114 for customers still on CentOS 6 or CloudLinux 6. No evidence indicated in-the-wild exploitation of these three flaws.

    Show sources
    Open in new tab