cPanel and WHM Privilege Management Vulnerability Allowing Arbitrary File Read

Vulnerability

A vulnerability in cPanel and WHM has been identified, allowing the reading of arbitrary files on the server. This issue arises from incorrect privilege management and inadequate path filtering, which together enable file access through specific cpdavd attachment download endpoints. The vulnerability affects cPanel & WHM versions 120 and higher.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the server.

Remediation

Users can update to cPanel & WHM versions 11.124.0.38 and higher, 11.126.0.59 and higher, 11.130.0.23 and higher, 11.132.0.32 and higher, 11.134.0.26 and higher, or 11.136.0.10 and higher. To apply the update, run the command '/scripts/upcp --force' and verify the installation by checking the cPanel version with '/usr/local/cpanel/cpanel -V'.
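The version check described above, as an added example that is not part of the original advisory or cPanel's own tooling: a shell function that classifies a version string against the fixed builds listed here. The function name, the status words it prints, and the assumed "124.0 (build 38)" output format of `cpanel -V` are assumptions of this example.

```sh
#!/bin/sh
# Added example, not cPanel's code. Fixed builds are copied from the advisory
# text: one "branch minor build" triple per line.
FIXED_BUILDS='124 0 38
126 0 59
130 0 23
132 0 32
134 0 26
136 0 10'

# check_cpanel_version VERSION  (hypothetical helper name)
# Prints: patched | vulnerable | not-affected | unlisted | unparsed
check_cpanel_version() {
    # Assumption: "cpanel -V" may print "124.0 (build 38)"; normalise it to
    # the four-part form used in the advisory (11.124.0.38).
    v=$(printf '%s\n' "$1" |
        sed -E 's/^([0-9]+)\.([0-9]+) \(build ([0-9]+)\)$/11.\1.\2.\3/')
    if ! printf '%s\n' "$v" | grep -Eq '^11\.[0-9]+\.[0-9]+\.[0-9]+$'; then
        echo unparsed; return 0
    fi
    branch=$(echo "$v" | cut -d. -f2)
    minor=$(echo "$v" | cut -d. -f3)
    build=$(echo "$v" | cut -d. -f4)

    # The advisory says versions 120 and higher are affected.
    if [ "$branch" -lt 120 ]; then echo not-affected; return 0; fi
    # Reading "11.136.0.10 and higher" as covering later branches too.
    if [ "$branch" -gt 136 ]; then echo patched; return 0; fi

    while read -r fb fm fbuild; do
        [ "$fb" -eq "$branch" ] || continue
        if [ "$minor" -gt "$fm" ] ||
           { [ "$minor" -eq "$fm" ] && [ "$build" -ge "$fbuild" ]; }; then
            echo patched
        else
            echo vulnerable
        fi
        return 0
    done <<EOF
$FIXED_BUILDS
EOF
    # Affected range, but the advisory names no fixed build for this branch.
    echo unlisted
}

# Run against the local install when the binary from the advisory exists.
if [ -x /usr/local/cpanel/cpanel ]; then
    check_cpanel_version "$(/usr/local/cpanel/cpanel -V)"
fi
```

A result of `unlisted` means the branch falls in the affected range but has no fixed build named in this advisory, so it should be treated as needing a move to a listed branch.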

Added: May 13, 2026, 10:32 PM
Updated: May 13, 2026, 10:32 PM

Vulnerability Rating

Custom Algorithm

spread: 7.6
impact: 2.5
exploitability: 6.8
remediation: 7.7
relevance: 8.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.