GCVE - cpe:2.3:a:webpros:cpanel_(cloudlinux_6,_centos

Approved changes feed: RSS · Atom

cpe:2.3:a:webpros:cpanel_(cloudlinux_6,_centos_6):*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Webpros (`3ebf8919-8933-5275-88f3-83c91ccd7db5`)
Product	Cpanel (Cloudlinux 6, Centos 6) (`6c299ff6-4bf7-5e8e-a7d0-3ab868447d8c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-32991`	vulnerable	2026-06-08 07:57:18.428412	Details available HIGH (7.1) Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account. Published: 2026-05-13T22:07:16.151Z Updated: 2026-05-14T13:11:23.622Z Open on db.gcve.eu Reference links https://support.cpanel.net/hc/en-us/articles/40437254183959-Security-CVE-2026-32991-cPanel-WHM-WP2-Security-Update-May-13-2026	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-29206`	vulnerable	2026-06-08 07:55:16.230405	Details available HIGH (8.1) Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled. Published: 2026-05-13T22:07:16.256Z Updated: 2026-05-14T13:55:12.266Z Open on db.gcve.eu Reference links https://support.cpanel.net/hc/en-us/articles/40437213099159-Security-CVE-2026-29206-cPanel-WHM-WP2-Security-Update-May-13-2026	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-29203`	vulnerable	2026-06-08 07:55:16.227381	Details available A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova path under their home directory. Published: 2026-05-08T18:51:05.541Z Updated: 2026-05-15T17:14:52.318Z Open on db.gcve.eu Reference links https://support.cpanel.net/hc/en-us/articles/40311543760407-Security-CVE-2026-29203-cPanel-WHM-WP2-Security-Update-May-08-2026	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-29202`	vulnerable	2026-06-08 07:55:16.226919	Details available Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user. Published: 2026-05-08T18:51:05.585Z Updated: 2026-05-13T22:03:15.187Z Open on db.gcve.eu Reference links https://support.cpanel.net/hc/en-us/articles/40311426610327-Security-CVE-2026-29202-cPanel-WHM-WP2-Security-Update-May-08-2026	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-29201`	vulnerable	2026-06-08 07:55:16.226496	Details available HIGH (8.6) Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed. Published: 2026-05-08T18:51:05.803Z Updated: 2026-05-13T21:59:09.469Z Open on db.gcve.eu Reference links https://support.cpanel.net/hc/en-us/articles/40311033698327-Security-CVE-2026-29201-cPanel-WHM-WP2-Security-Update-May-08-2026	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Cpanel (Cloudlinux 6, Centos 6)

PURL mappings

Vulnerability references

Contribute