CVE-2026-29203
Published 2026-05-08
Priority P2 · 61 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.49% (38.6th percentile)
A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova path under their home directory.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| webpros | cpanel | >= 11.102.0.0 < 11.102.0.41 | 11.102.0.41 |
| webpros | cpanel | >= 11.110.0.0 < 11.110.0.117 | 11.110.0.117 |
| webpros | cpanel | >= 11.118.0.0 < 11.118.0.66 | 11.118.0.66 |
| webpros | cpanel | >= 11.124.0.0 < 11.124.0.37 | 11.124.0.37 |
| webpros | cpanel | >= 11.126.0.0 < 11.126.0.58 | 11.126.0.58 |
| webpros | cpanel | >= 11.130.0.0 < 11.130.0.22 | 11.130.0.22 |
| webpros | cpanel | >= 11.132.0.0 < 11.132.0.31 | 11.132.0.31 |
| webpros | cpanel | >= 11.134.0.0 < 11.134.0.25 | 11.134.0.25 |
| webpros | cpanel | >= 11.136.0.0 < 11.136.0.9 | 11.136.0.9 |
| webpros | cpanel | >= 11.86.0.0 < 11.86.0.43 | 11.86.0.43 |
| webpros | cpanel | >= 11.94.0.0 < 11.94.0.30 | 11.94.0.30 |
| webpros | wp_squared | >= 11.136.1.0 < 11.136.1.10 | 11.136.1.10 |
Detection & IOCs (extracted from sources)
- Vulnerability involves a chmod call in Cpanel::Nova::Connector that follows symlinks — monitor for symlink creation by cPanel users under their home directory targeting sensitive system files/directories, followed by a chmod permission change on the resolved target.
- Monitor for symlinks placed at user-controlled legacy Nova paths under cPanel user home directories (e.g., ~/nova/ or similar legacy Nova path locations) pointing to sensitive system files or directories.
- Alert on unexpected chmod operations executed as root on files/directories outside the cPanel user's home directory, especially when the target path resolves through a symlink originating from a user home directory.
- Vulnerability only affects unpatched cPanel/WHM versions. Patched versions are 11.136.0.9+, 11.134.0.25+, 11.132.0.31+, 11.130.0.22+, 11.126.0.58+, 11.124.0.37+, 11.118.0.66+, 11.110.0.116+, 11.110.0.117+, 11.102.0.41+, 11.94.0.30+, 11.86.0.43+, 11.136.1.10+. Verify installed version before triaging detections.
- Exploitation requires an already-authenticated cPanel user account; unauthenticated remote exploitation is not possible for this CVE.
- No evidence of in-the-wild exploitation has been reported for CVE-2026-29203 at time of disclosure.
- CentOS 6 / CloudLinux 6 customers have a dedicated direct-update release (110.0.114) rather than the standard patched versions.
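The symlink check from the list above, together with a chmod that refuses to follow a symlink (the general mitigation for this CWE-61 class of bug), as an added example; it is not cPanel's code or its actual fix. The `nova` directory name, the file names and the temporary tree are constructed placeholders, and `O_NOFOLLOW` behaviour is assumed to be that of Linux.

```python
import os
import stat
import tempfile

def find_escaping_symlinks(home):
    """Return (link, resolved_target) pairs for symlinks under home that resolve outside it."""
    home_real = os.path.realpath(home)
    hits = []
    for root, dirs, files in os.walk(home, followlinks=False):
        for name in dirs + files:  # symlinks are listed but never descended into
            path = os.path.join(root, name)
            if os.path.islink(path):
                target = os.path.realpath(path)
                if os.path.commonpath([home_real, target]) != home_real:
                    hits.append((path, target))
    return sorted(hits)

def chmod_nofollow(path, mode):
    """chmod through a descriptor opened with O_NOFOLLOW: a symlink as the final
    path component fails with ELOOP instead of redirecting the chmod.
    Parent directories are still resolved normally and need their own checks."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK | os.O_CLOEXEC)
    try:
        os.fchmod(fd, mode)
    finally:
        os.close(fd)

def demo():
    """Constructed layout: a home directory whose placeholder legacy path holds a symlink."""
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "home", "user")
        legacy = os.path.join(home, "nova")  # placeholder, not the real Nova path
        os.makedirs(legacy)
        outside = os.path.join(tmp, "system")
        os.mkdir(outside)
        protected = os.path.join(outside, "config")
        open(protected, "w").close()
        os.chmod(protected, 0o600)
        link = os.path.join(legacy, "data")
        os.symlink(protected, link)
        hits = find_escaping_symlinks(home)
        try:
            chmod_nofollow(link, 0o644)
            refused = False
        except OSError:
            refused = True
        mode_after = stat.S_IMODE(os.stat(protected).st_mode)
        return len(hits), refused, mode_after
```

`demo()` returns the number of flagged links, whether the chmod was refused, and the unchanged mode of the file outside the home directory.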
CVSS provenance
nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd · v4.0 · 5.3 MEDIUM · CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
GHSA
GHSA-3x6m-3grh-599c: A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or dire
ghsa_unreviewed·2026-05-08
CVE-2026-29203 [HIGH] CWE-61 GHSA-3x6m-3grh-599c: A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or dire
VulDB
WebPros cPanel/WP Squared Chmod Call Cpanel::Nova::Connector symlink
vuldb·2026-05-08·CVSS 8.8
CVE-2026-29203 [HIGH] WebPros cPanel/WP Squared Chmod Call Cpanel::Nova::Connector symlink
A vulnerability was found in WebPros cPanel and WP Squared. It has been rated as critical. This impacts the function Cpanel::Nova::Connector of the component Chmod Call Handler. The manipulation leads to symlink following.
This vulnerability is uniquely identified as CVE-2026-29203. Local access is required to approach this attack. No exploit exists.
Upgrading the affected component is advised.
No detection rules found.
No public exploits indexed.
Hackernews
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
blogs_hackernews·2026-05-11·CVSS 9.3
CVE-2026-6973 [CRITICAL] ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
## ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
Rough Monday.
Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago — the same old holes, same lazy access paths, same “how the hell is this still open” feeling. One report this week basically reads like a guy tripped over root access by accident and decided to stay there.
The weird part is how normal this all sounds now. Fake updates. Quiet backdoors. Remote tools are used like skeleton keys. Forum rats swapping st
Hackernews
cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
blogs_hackernews·2026-05-09·CVSS 4.3
CVE-2026-29201 [MEDIUM] cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
## cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privilege escalation, code execution, and denial-of-service.
The list of vulnerabilities is as follows -
CVE-2026-29201 (CVSS score: 4.3) - An insufficient input validation of the feature file name in the "feature::LOADFEATUREFILE" adminbin call that could result in an arbitrary file read.
CVE-2026-29202 (CVSS score: 8.8) - An insufficient input validation of the "plugin" parameter in the "create_user API" call that could res
Published: 2026-05-08