- Last update: 12/05/2026
- Affected software:
cPanel & WHM versions: 11.136.0.8 and lower, 11.134.0.24 and lower, 11.132.0.30 and lower, 11.130.0.21 and lower, 11.126.0.57 and lower, 11.124.0.36 and lower, 11.118.0.65 and lower, 11.110.0.115 and lower, 11.110.0.116 and lower, 11.102.0.40 and lower, 11.94.0.29 and lower, 11.86.0.42 and lower
WP Squared version: 11.136.1.9 and higher
- Type: CWE-20 Improper Input Validation, CWE-61 UNIX Symbolic Link (Symlink) Following
- CVE/CVSS:
CVE-2026-29201: CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVE-2026-29202: CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVE-2026-29203: CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
https://support.cpanel.net/hc/en-us/articles/40311033698327-Security-CVE-2026-29201-cPanel-WHM-WP2-Security-Update-May-08-2026
https://support.cpanel.net/hc/en-us/articles/40311426610327-Security-CVE-2026-29202-cPanel-WHM-WP2-Security-Update-May-08-2026
https://support.cpanel.net/hc/en-us/articles/40311543760407-Security-CVE-2026-29203-cPanel-WHM-WP2-Security-Update-May-08-2026
An authenticated user can execute arbitrary Perl code on behalf of the already authenticated account's system user. A user can also cause DoS and escalate their privileges. When a relative path is passed to a specific feature in adminbin, an arbitrary file can be made world-readable. These vulnerabilities have a high impact on confidentiality, integrity and availability.
The create_user API call is open to Perl code injection through the plugin parameter, allowing a user to execute arbitrary code. A user can chmod arbitrary files due to an unsafe symlink handling error, allowing for denial of service and possible privilege escalation. The feature::LOADFEATUREFILE adminbin call has an arbitrary file read vulnerability. A relative path may be passed as the argument to this call, causing an arbitrary file to be made world-readable.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
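To prioritise patching across a fleet, the cPanel & WHM entries in the affected-version list above can be turned into a per-branch check. This is an added example, not code from the CCB or cPanel; it assumes the installed version is supplied as a four-part string (11.x.y.z), and the function names and status labels are hypothetical. It does not cover the WP Squared entry.

```python
import sys

# cPanel & WHM entries copied from the "Affected software" list of this
# advisory; each is read as "this build and lower" within its own branch.
AFFECTED_ENTRIES = [
    "11.136.0.8", "11.134.0.24", "11.132.0.30", "11.130.0.21",
    "11.126.0.57", "11.124.0.36", "11.118.0.65", "11.110.0.115",
    "11.110.0.116", "11.102.0.40", "11.94.0.29", "11.86.0.42",
]


def parse_version(text):
    """Split '11.134.0.24' into (branch, build) = ((11, 134, 0), 24)."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected a four-part version, got {text!r}")
    numbers = [int(p) for p in parts]
    return tuple(numbers[:3]), numbers[3]


def build_thresholds(entries):
    """Map each branch to the highest build the advisory lists for it."""
    thresholds = {}
    for entry in entries:
        branch, build = parse_version(entry)
        # 11.110 is listed twice (115 and 116); keep the higher value
        # so the check errs on the side of flagging a host.
        thresholds[branch] = max(thresholds.get(branch, -1), build)
    return thresholds


THRESHOLDS = build_thresholds(AFFECTED_ENTRIES)


def classify(installed):
    """Return 'affected', 'above-listed-build' or 'branch-not-listed'."""
    branch, build = parse_version(installed)
    limit = THRESHOLDS.get(branch)
    if limit is None:
        # The advisory says nothing about this branch: review it manually
        # against the vendor articles instead of assuming it is safe.
        return "branch-not-listed"
    return "affected" if build <= limit else "above-listed-build"


if __name__ == "__main__":
    # Usage: python check_cpanel.py 11.134.0.20 11.128.0.5 ...
    for version in sys.argv[1:]:
        print(f"{version}\t{classify(version)}")
```

A result of branch-not-listed means the advisory gives no information for that release line, so the host still needs checking against the vendor articles.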
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
https://nvd.nist.gov/vuln/detail/CVE-2026-29201
https://nvd.nist.gov/vuln/detail/CVE-2026-29202
https://nvd.nist.gov/vuln/detail/CVE-2026-29203