CVE-2026-29206_CVE-2026-29206

8.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Description

Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled.

Basic Information

ID CVE-2026-29206

Source hackerone

Published May 13, 2026 at 22:07

Affected Product

Vendor WebPros

Product cPanel

Version 11.136.0.0

Affected Versions WebPros cPanel 11.136.0.0
WebPros cPanel 11.134.0.0
WebPros cPanel 11.132.0.0
WebPros cPanel 11.130.0.0
WebPros cPanel 11.126.0.0
WebPros cPanel 11.124.0.0
WebPros cPanel 11.118.0.0
WebPros cPanel 11.110.0.0
WebPros cPanel 11.102.0.0
WebPros cPanel 11.94.0.0
WebPros cPanel 11.30.0.0
WebPros WP Squared 11.136.1.0
WebPros cPanel (CloudLinux 6, CentOS 6) 11.110.0.0

CWE Classification

CWE-89

References

support.cpanel.net /hc/en-us/articles/40437213099159-Security-CVE-2026-29206-cPanel-WHM-WP2-Security-Update-May-13-2026

{
    "lastseen": "",
    "description": "Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled.",
    "published": "2026-05-13T22:07:16.256Z",
    "modified": "2026-05-13T22:07:16.256Z",
    "type": "cve",
    "title": "CVE-2026-29206",
    "source": "hackerone",
    "references": "https://support.cpanel.net/hc/en-us/articles/40437213099159-Security-CVE-2026-29206-cPanel-WHM-WP2-Security-Update-May-13-2026",
    "id": "CVE-2026-29206",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "WebPros cPanel 11.136.0.0\nWebPros cPanel 11.134.0.0\nWebPros cPanel 11.132.0.0\nWebPros cPanel 11.130.0.0\nWebPros cPanel 11.126.0.0\nWebPros cPanel 11.124.0.0\nWebPros cPanel 11.118.0.0\nWebPros cPanel 11.110.0.0\nWebPros cPanel 11.102.0.0\nWebPros cPanel 11.94.0.0\nWebPros cPanel 11.30.0.0\nWebPros WP Squared 11.136.1.0\nWebPros cPanel (CloudLinux 6, CentOS 6) 11.110.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "cPanel",
    "version": "11.136.0.0",
    "vendor": "WebPros",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}