cPanel CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203-Patch Released 5/8/26 noon EST

T

thetechguide

New Member
Received this email directly from cPanel; don't see anything published in their forums or support site yet, but I share here:
"
We have identified a new security vulnerability in cPanel & WHM through a trusted disclosure source. Our engineering team is actively developing patches, and we are reaching out early so you can prepare your servers to update as soon as it is available.

To help protect customers prior to patch availability, technical details about vulnerabilities will be released alongside the patches. Full technical details will be published on our support page at the same time the patch is released. The CVE IDs are CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203.

Patch & Affected Versions
The patch will be available on May 08 at 12:00pm EST and will be distributed through the standard cPanel automatic update process and through the manual update process. We strongly recommend performing a manual update with /scripts/upcp once the patch is made available.

Patched versions:
Screenshot 2026-05-07 at 10.06.56 PM

If you are running an unsupported version of cPanel & WHM not listed above, please update to the latest version using /scripts/upcp

Prepare Now
  • Identify affected servers. Review your servers on the affected version branches above.
  • Check the update configuration. For servers where automatic updates are disabled or version-pinned, review /etc/cpupdate.conf now, so there are no delays when the patch lands.
  • Brief your team. If your environment requires a maintenance window, notify the relevant people so they are ready to act.
  • Manual update. If your team wishes to update impacted servers before an automatic update is triggered, run /scripts/upcp once the patch is made available.
  • Note for CloudLinux 6 users: Before manually updating, set the update tier to the cl6110 branch by running sed -i "s/CPANEL=.*/CPANEL=cl6110/g" /etc/cpupdate.conf

We will follow up the moment the patch is live with full details and remediation steps.

Our support team is available if you have any questions or need further guidance.

Best regards,
Your cPanel Security Team
 
You must log in or register to reply here.
Top