Deepthix .
← Retour au blog
tech 10 May 2026

cPanel's Black Week: 3 New Vulnerabilities Patched After Attack on 44k Servers

cPanel was recently shaken by a massive ransomware attack. Discover the three new critical vulnerabilities patched to secure 44,000 servers.

Article inspired by the original source
CPanel's Black Week: 3 New Vulnerabilities Patched After Attack on 44k Servers ↗ www.copahost.com

Introduction

Managing web servers is already a complex challenge, but when a widespread platform like cPanel is compromised, it becomes a nightmare for many administrators. In May 2026, cPanel faced an attack that compromised 44,000 servers using an authentication flaw. In response, three new vulnerabilities were discovered and patched. Let's dive into the details.

What is a cPanel TSR?

A Technical Security Release (TSR) is the standardized process by which cPanel releases security patches. These patches are preceded by a notification to registered customers to allow them to schedule updates. This proactive approach helps mitigate the risk of exploiting vulnerabilities before they are fixed.

The Three New Vulnerabilities

CVE-2026-29201 — Arbitrary File Read (CVSS 4.3)

This vulnerability allows an authenticated attacker to manipulate a parameter to read files they should not have access to. While this does not directly grant root access, the information obtained can be used for more severe follow-up attacks. With a CVSS score of 4.3, it is considered moderate but should be patched immediately.

CVE-2026-29202 — Arbitrary Perl Code Execution (CVSS 8.8)

This flaw is due to insufficient input validation, allowing an attacker to execute arbitrary Perl code. This vulnerability, with a CVSS score of 8.8, is classified as high, making it extremely dangerous. A successful exploit could completely compromise the server.

CVE-2026-29203 — Privilege Escalation via Unsafe Symlink (CVSS 8.8)

This vulnerability allows an attacker to escalate privileges by exploiting unsafe symlinks. With a high score of 8.8, it poses a serious threat, especially in environments where elevated privileges can cause significant damage.

Context: The Attack on cPanel

On May 8, 2026, cPanel fell victim to a massive attack exploiting the CVE-2026-41940 flaw. This attack served as a trigger for a thorough code audit, revealing the vulnerabilities mentioned above. This incident underscores the critical importance of regular audits and security updates.

How to Patch — Step by Step

  1. Check for Available Updates: Log in to your cPanel dashboard and check for available security updates.
  2. Schedule a Maintenance Window: Notify your users of a brief downtime to apply updates.
  3. Apply the Patches: Follow cPanel's guide to install updates securely.

Should You Also Check for the Previous Compromise?

Absolutely. It's crucial to ensure that the CVE-2026-41940 flaw has been patched on all your servers. An oversight could leave a door open for attackers.

Conclusion

cPanel's recent black week serves as a stark reminder of the importance of security in server management. With three new vulnerabilities patched, it's imperative for administrators to stay vigilant and proactive.

Let's discuss your project in 15 minutes.

cPanel vulnérabilités sécurité serveurs patch
Deepthix newsletter · 100% AI · every Monday 8am

An AI agent reads tech for you.

Our AI agent scans ~200 sources per week and ships the best articles to your inbox Monday 8am. Free. One click to unsubscribe.

Visit the newsletter page →

Want to automate your operations?

Let's talk about your project in 15 minutes.

Book a call