CVE-2026-29201_CVE-2026-29201

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed.

Basic Information

ID CVE-2026-29201

Source hackerone

Published May 8, 2026 at 18:51

Modified May 8, 2026 at 19:52

Affected Product

Vendor WebPros

Product cPanel

Version 11.136.0.0

Affected Versions WebPros cPanel 11.136.0.0
WebPros cPanel 11.134.0.0
WebPros cPanel 11.132.0.0
WebPros cPanel 11.130.0.0
WebPros cPanel 11.126.0.0
WebPros cPanel 11.124.0.0
WebPros cPanel 11.118.0.0
WebPros cPanel 11.110.0.0
WebPros cPanel 11.110.0.0
WebPros cPanel 11.102.0.0
WebPros cPanel 11.94.0.0
WebPros cPanel 11.86.0
WebPros WP Squared 11.136.1.0
WebPros cPanel (CentOS 6, CloudLinux 6) 11.110.0.0

CWE Classification

CWE-20

References

support.cpanel.net /hc/en-us/articles/40311033698327-Security-CVE-2026-29201-cPanel-WHM-WP2-Security-Update-May-08-2026

{
    "lastseen": "",
    "description": "Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed.",
    "published": "2026-05-08T18:51:05.803Z",
    "modified": "2026-05-08T19:52:40.780Z",
    "type": "cve",
    "title": "CVE-2026-29201",
    "source": "hackerone",
    "references": "https://support.cpanel.net/hc/en-us/articles/40311033698327-Security-CVE-2026-29201-cPanel-WHM-WP2-Security-Update-May-08-2026",
    "id": "CVE-2026-29201",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "WebPros cPanel 11.136.0.0\nWebPros cPanel 11.134.0.0\nWebPros cPanel 11.132.0.0\nWebPros cPanel 11.130.0.0\nWebPros cPanel 11.126.0.0\nWebPros cPanel 11.124.0.0\nWebPros cPanel 11.118.0.0\nWebPros cPanel 11.110.0.0\nWebPros cPanel 11.110.0.0\nWebPros cPanel 11.102.0.0\nWebPros cPanel 11.94.0.0\nWebPros cPanel 11.86.0\nWebPros WP Squared 11.136.1.0\nWebPros cPanel (CentOS 6, CloudLinux 6) 11.110.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "cPanel",
    "version": "11.136.0.0",
    "vendor": "WebPros",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}