Webpros Cpanel
9 CVEs affecting Webpros Cpanel. Latest disclosed: 2026-05-13. Critical: 1, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-41940 | Critical | 9.8 | 2026-04-29 | cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unaut… |
| CVE-2026-29203 | High | 8.8 | 2026-05-08 | A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories… |
| CVE-2026-29202 | High | 8.8 | 2026-05-08 | Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution on behalf of the already authenticated… |
| CVE-2026-29205 | High | 8.6 | 2026-05-13 | Incorrect privilege management and insufficient path filtering allow reading an arbitrary file on the server via the cpdavd attachment download endpoints. |
| CVE-2026-29201 | High | 8.6 | 2026-05-08 | Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is p… |
| CVE-2026-32993 | High | 8.3 | 2026-05-13 | Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allows an unauthenticated attacker to inject arbitrary HTTP header… |
| CVE-2026-32992 | High | 8.2 | 2026-05-13 | SSL verification is disabled in the DNS Cluster system. This could allow a malicious server to man-in-the-middle the request and capture credentials. |
| CVE-2026-29206 | High | 8.1 | 2026-05-13 | Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled. |
| CVE-2026-32991 | High | 7.1 | 2026-05-13 | Improper authorization checks of team member privileges allow a team member to escalate privileges to the team owner account. |