cPanel has released updates for three vulnerabilities in cPanel and WHM that could lead to arbitrary file read, Perl code execution, denial-of-service, and possible privilege escalation. The patches are available across multiple supported versions, and users on older CentOS 6 or CloudLinux 6 systems should update to 110.0.114 while noting that CVE-2026-41940 was recently weaponized to deploy Mirai and Sorry. #cPanel #WHM #CVE-2026-29201 #CVE-2026-29202 #CVE-2026-29203 #CVE-2026-41940 #Mirai #Sorry
Keypoints
- cPanel fixed three security flaws in cPanel and WHM.
- CVE-2026-29201 could allow arbitrary file read through insufficient input validation.
- CVE-2026-29202 could enable arbitrary Perl code execution for an authenticated user.
- CVE-2026-29203 involves unsafe symlink handling that may cause denial-of-service or privilege escalation.
- Users should upgrade to the latest supported releases, including 110.0.114 for CentOS 6 and CloudLinux 6.
Read More: https://thehackernews.com/2026/05/cpanel-whm-patch-3-new-vulnerabilities.html