cPanel, WHM Patch Three New Vulnerabilities: Privilege Escalation, RCE Risks

cPanel has rolled out critical updates for cPanel and Web Host Manager (WHM), addressing three distinct vulnerabilities. According to The Hacker News, these flaws could enable privilege escalation, arbitrary code execution, and denial-of-service attacks. The most notable vulnerability, CVE-2026-29201 (CVSS: 4.3), stems from insufficient input validation concerning feature file names within the feature::LOADFEATUREFILE adminbin call.

This particular flaw, as detailed by The Hacker News, highlights a common attack vector: trusting user input without rigorous validation. While the CVSS score of 4.3 for CVE-2026-29201 might seem moderate, any vulnerability allowing for privilege escalation or code execution in a widely deployed web hosting control panel like cPanel is a severe concern. Attackers are constantly looking for chinks in the armor of foundational infrastructure components.
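The class of check this paragraph describes, as an added example (not cPanel's code and not part of the original article): an allow-list on a caller-supplied file name followed by a path-containment test. The function name, the `features` directory and the sample names are hypothetical and constructed for illustration.

```python
import os
import re
import tempfile

# Allow-list: letters, digits, underscore, hyphen and dot, starting with an
# alphanumeric so ".", ".." and dotfiles are rejected. No path separators.
_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")


class InvalidFeatureName(ValueError):
    """Raised when a caller-supplied feature file name is rejected."""


def resolve_feature_file(name: str, base_dir: str) -> str:
    """Return the real path of `name` inside `base_dir`, or raise."""
    if not isinstance(name, str) or not _NAME_RE.fullmatch(name):
        raise InvalidFeatureName(f"rejected name: {name!r}")
    base = os.path.realpath(base_dir)
    # realpath() follows symlinks, so a link planted inside base_dir that
    # points elsewhere is caught by the containment check below.
    candidate = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, candidate]) != base:
        raise InvalidFeatureName(f"escapes base directory: {name!r}")
    if not os.path.isfile(candidate):
        raise InvalidFeatureName(f"no such feature file: {name!r}")
    return candidate


def demo() -> dict:
    """Run constructed inputs through the check; True means accepted."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "features")  # hypothetical feature store
        os.mkdir(base)
        with open(os.path.join(base, "default"), "w") as fh:
            fh.write("sample=1\n")
        secret = os.path.join(root, "secret")  # file outside the store
        with open(secret, "w") as fh:
            fh.write("x\n")
        os.symlink(secret, os.path.join(base, "link"))
        for name in ["default", "../secret", "/etc/passwd", "a/b",
                     "default\x00.txt", "..", "link", "missing", "default\n"]:
            try:
                resolve_feature_file(name, base)
                results[name] = True
            except InvalidFeatureName:
                results[name] = False
    return results
```

Calling `demo()` returns the accept/reject map for the constructed names; only `default` is accepted, and the symlink case is rejected by the containment test rather than by the name pattern.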

For defenders, this means cPanel and WHM instances are prime targets. Exploiting these vulnerabilities could grant an attacker significant control over a server, impacting multiple hosted websites and applications. The attacker’s calculus here is straightforward: compromise one central component, gain access to many downstream targets.

What This Means For You

  • If your organization relies on cPanel or WHM, you need to prioritize these patches immediately. Attackers are actively scanning for unpatched systems. Do not delay. Verify that all your cPanel and WHM installations are updated to the latest secure versions to prevent privilege escalation and remote code execution.

πŸ›‘οΈ Detection Rules

3 rules Β· 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free β€” export to any SIEM format via the Intel Bot.

critical T1548 Privilege Escalation

cPanel WHM Feature File Privilege Escalation

Sigma YAML β€” free preview

Source: Shimi's Cyber World Β· License & reuse

βœ“ Sigma Β· Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM β†’

Indicators of Compromise

ID | Type | Indicator
CVE-2026-29201 | Privilege Escalation | cPanel & WHM: insufficient input validation of feature file name in 'feature::LOADFEATUREFILE' adminbin call
CVE-2026-29201 | Code Execution | cPanel & WHM: insufficient input validation of feature file name in 'feature::LOADFEATUREFILE' adminbin call
CVE-2026-29201 | DoS | cPanel & WHM: insufficient input validation of feature file name in 'feature::LOADFEATUREFILE' adminbin call