Shared-Hosting

vulnerability 2026-05-10
cPanel Ships Second Emergency TSR in 10 Days: CVE-2026-29201, 29202, 29203 Patch RCE, Arbitrary File Read, DoS
cPanel released its second emergency Technical Security Release in 10 days on May 8, patching three new flaws — including a CVSS 8.8 Perl injection in create_user and a chmod-based privilege escalation — barely a week after the CVE-2026-41940 authentication-bypass meltdown.
cpanel whm rce perl hosting shared-hosting tsr patch-tuesday-adjacent
vulnerabilities 2026-04-29
cPanel & WHM CVE-2026-41940: Critical Auth Bypass Triggers Global Hosting Lockdown
An unauthenticated CRLF-injection auth bypass in cPanel & WHM (CVSS 9.8) sent every major hosting provider into emergency port-blocking mode within hours of disclosure. All supported release tracks are affected.
cpanel whm authentication-bypass CVE-2026-41940 web-hosting shared-hosting

cPanel Ships Second Emergency TSR in 10 Days: CVE-2026-29201, 29202, 29203 Patch RCE, Arbitrary File Read, DoS