cPanel
cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*
- >= 11.126, < 11.126.0.59
- >= 11.130, < 11.130.0.23
- >= 11.132, < 11.132.0.32
- >= 11.134, < 11.134.0.26
- >= 11.136, < 11.136.0.10
A vulnerability exists in the DNS Cluster system of cPanel and WHM, specifically in versions 126 and higher, where SSL verification is not properly enforced. This flaw could enable a malicious server to intercept requests and capture credentials. The issue has been addressed in cPanel & WHM versions 11.126.0.59 and higher, 11.130.0.23 and higher, 11.132.0.32 and higher, 11.134.0.26 and higher, and 11.136.0.10 and higher. WP Squared version 11.136.1.12 and higher also includes the patch.
Exploitation of this vulnerability could lead to unauthorized interception of requests and capture of credentials, allowing for potential unauthorized access or actions on behalf of the user.
To address this vulnerability, update cPanel to version 11.126.0.59 or higher, 11.130.0.23 or higher, 11.132.0.32 or higher, 11.134.0.26 or higher, or 11.136.0.10 or higher. For WP Squared, update to version 11.136.1.12 or higher.
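The affected ranges above can be turned into a check for an inventory of installed versions. This is an added example, not code from cPanel or from this advisory: the function names and status labels are hypothetical, the sample versions are constructed, and accepting the short `126.0.59` form without the leading `11.` is an assumption. It does not cover WP Squared.

```python
# Fixed build per release branch, copied from the advisory's affected ranges.
FIXED_BUILDS = {
    126: (126, 0, 59),
    130: (130, 0, 23),
    132: (132, 0, 32),
    134: (134, 0, 26),
    136: (136, 0, 10),
}


def parse_version(text):
    """Return (branch, minor, build) from '11.126.0.59' or '126.0.59'."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts]
    # Assumption: a four-part string starting with 11 carries the parent
    # version prefix used in the advisory; drop it to get the branch.
    if len(nums) == 4 and nums[0] == 11:
        nums = nums[1:]
    if len(nums) != 3:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(nums)


def classify(text):
    """Classify one installed version against the advisory's ranges."""
    version = parse_version(text)
    branch = version[0]
    if branch < 126:
        # The advisory only describes versions 126 and higher.
        return "below-advisory-range"
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        # No fixed build is listed for this branch; review it manually.
        return "branch-not-listed"
    return "vulnerable" if version < fixed else "patched"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, ver in [("web01", "11.126.0.58"), ("web02", "126.0.59"),
                      ("web03", "11.136.0.9"), ("web04", "11.128.0.5")]:
        print(f"{host}: {ver} -> {classify(ver)}")
```

A `branch-not-listed` result means the advisory gives no fixed build for that branch, so it should be checked against the vendor's release notes rather than treated as safe.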