
[CIVN-2026-0245] Multiple Vulnerabilities in cPanel & WHM (WP2)
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Systems Affected
cPanel & WHM (Web Host Manager) versions:
prior to 11.136.0.10
prior to 11.134.0.26
prior to 11.132.0.32
prior to 11.130.0.23
prior to 11.126.0.59
prior to 11.124.0.38
prior to 11.118.0.67
prior to 11.110.0.118
prior to 11.102.0.42
prior to 11.94.0.31
prior to 11.86.0.44
WP Squared version prior to 11.136.1.12
Overview
Multiple vulnerabilities have been reported in cPanel & WHM, which could allow an attacker to trigger elevation of privilege, conduct man-in-the-middle attacks, execute arbitrary code and gain unauthorized access to sensitive information on the targeted systems.
Target Audience:
Organizations and individuals using the affected cPanel & WHM-based hosting environments.
Risk Assessment:
High risk of privilege escalation, sensitive information disclosure, credential interception and compromise of affected systems.
Impact Assessment:
Potential unauthorized access to sensitive information or full system compromise.
Description
cPanel & WHM is a widely used web hosting control panel that provides administrative (WHM) and user-level (cPanel) interfaces for managing servers and websites.
Multiple vulnerabilities exist in cPanel and WHM due to improper authorization checks in team management functionality, disabled SSL certificate verification in the DNS Cluster feature, improper sanitization of HTTP query parameters and insufficient input validation mechanisms.
Successful exploitation of these vulnerabilities could allow an attacker to trigger elevation of privilege, conduct man-in-the-middle attacks, execute arbitrary code and gain unauthorized access to sensitive information on the targeted systems.
Solution
Apply appropriate software updates as mentioned by the vendor:
https://support.cpanel.net/hc/en-us/articles/40437313190295-Security-CVE-2026-32993-cPanel-WHM-WP2-Security-Update-May-13-2026
https://support.cpanel.net/hc/en-us/articles/40437241987607-Security-CVE-2026-32992-cPanel-WHM-WP2-Security-Update-May-13-2026
https://support.cpanel.net/hc/en-us/articles/40437254183959-Security-CVE-2026-32991-cPanel-WHM-WP2-Security-Update-May-13-2026
https://support.cpanel.net/hc/en-us/articles/40437213099159-Security-CVE-2026-29206-cPanel-WHM-WP2-Security-Update-May-13-2026
https://support.cpanel.net/hc/en-us/articles/40437020299927-Security-CVE-2026-29205-cPanel-WHM-WP2-Security-Update-May-13-2026
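To triage which hosts still need the update, the per-tier list under Systems Affected can be checked mechanically. The following is an added example, not part of the CERT-In advisory or of cPanel's tooling; the function names, the status labels and the sample inventory are assumptions, and the installed version is assumed to be supplied in the four-part form the advisory uses.

```python
# Added example: compare installed builds against the advisory's fixed builds.
# Fixed builds per release tier, copied from "Systems Affected".
FIXED_BUILDS = [
    "11.136.0.10", "11.134.0.26", "11.132.0.32", "11.130.0.23",
    "11.126.0.59", "11.124.0.38", "11.118.0.67", "11.110.0.118",
    "11.102.0.42", "11.94.0.31", "11.86.0.44",
]
WP2_FIXED = "11.136.1.12"  # WP Squared


def parse(version):
    """Turn '11.134.0.26' into (11, 134, 0, 26) so fields compare as numbers."""
    parts = tuple(int(p) for p in version.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected a four-part version, got {version!r}")
    return parts


# Index by tier (second field): "prior to X" applies only within X's own tier.
FIXED_BY_TIER = {parse(v)[1]: parse(v) for v in FIXED_BUILDS}


def status(version, product="cpanel"):
    """Return 'vulnerable', 'patched' or 'unlisted-tier' (hypothetical labels)."""
    installed = parse(version)
    if product == "wp2":
        return "vulnerable" if installed < parse(WP2_FIXED) else "patched"
    fixed = FIXED_BY_TIER.get(installed[1])
    if fixed is None:
        # The advisory names no fixed build for this tier: needs manual review.
        return "unlisted-tier"
    return "vulnerable" if installed < fixed else "patched"


if __name__ == "__main__":
    # Constructed sample inventory (host, product, version); not real hosts.
    inventory = [
        ("web01", "cpanel", "11.134.0.25"),
        ("web02", "cpanel", "11.130.0.30"),
        ("web03", "cpanel", "11.110.0.99"),
        ("web04", "cpanel", "11.128.0.5"),
        ("wp01", "wp2", "11.136.1.11"),
    ]
    for host, product, version in inventory:
        print(f"{host:6} {product:7} {version:12} {status(version, product)}")
```

Hosts reported as unlisted-tier run a release for which the advisory gives no fixed build; check them against the vendor articles rather than treating them as patched.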
Vendor Information
cPanel
CVE Name
CVE-2026-32993
CVE-2026-32992
CVE-2026-32991
CVE-2026-29206
CVE-2026-29205
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


