The software cPanel and Manager (WHM) is once again affected by several security vulnerabilities that allow attackers to inject malicious code. According to Heise, the new vulnerabilities are classified as CVE-2026-29202, CVE-2026-292203, and CVE-2026-29201 and should be addressed immediately.
The developers warn that the first vulnerability allows attackers to execute malicious code on behalf of an authenticated user. This security flaw may already have been exploited, leading to over 4,000 attacks in Germany. An administrator stated, "It is crucial to install the updates quickly to protect the systems."
The second vulnerability enables attackers to trigger DoS states through insecure symlink processing, while the third allows unauthorized file access. So far, there are no indications of active attacks, but administrators should not hesitate to install the security updates.
The affected versions of cPanel, WHM, and WP Squared are now secured against these attacks. The developers have already made the security updates available for download to protect the systems.
