cPanel and WHM Patch Three New Vulnerabilities
cPanel has released patches for three vulnerabilities in cPanel and WHM that could lead to privilege escalation, code execution, and denial-of-service.
cPanel has released security updates to address three newly discovered vulnerabilities affecting both cPanel and Web Host Manager (WHM). These flaws could be exploited by attackers to achieve privilege escalation, execute arbitrary code, or trigger a denial-of-service condition [The Hacker News].
Among the vulnerabilities is CVE-2026-29201, which involves insufficient input validation within the "feature::LOADFEATUREFILE" adminbin call. This specific flaw carries a CVSS score of 4.3 and highlights the risks associated with improper handling of feature file names within the administration interface.
Administrators are strongly urged to apply the latest patches immediately to mitigate these risks. cPanel has provided detailed information regarding these updates, and users should consult the official cPanel security documentation to ensure their environments are fully protected against potential exploitation.