CVE-2026-32991_CVE-2026-32991

7.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Description

Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account.

Basic Information

ID CVE-2026-32991

Source hackerone

Published May 13, 2026 at 22:07

Affected Product

Vendor WebPros

Product cPanel

Version 11.136.0.0

Affected Versions WebPros cPanel 11.136.0.0
WebPros cPanel 11.134.0.0
WebPros cPanel 11.132.0.0
WebPros cPanel 11.130.0.0
WebPros cPanel 11.126.0.0
WebPros cPanel 11.124.0.0
WebPros cPanel 11.118.0.0
WebPros cPanel 11.110.0.0
WebPros WP Squared 11.136.1.0
WebPros cPanel (CloudLinux 6, CentOS 6) 11.110.0.0

CWE Classification

CWE-863

References

support.cpanel.net /hc/en-us/articles/40437254183959-Security-CVE-2026-32991-cPanel-WHM-WP2-Security-Update-May-13-2026

{
    "lastseen": "",
    "description": "Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account.",
    "published": "2026-05-13T22:07:16.151Z",
    "modified": "2026-05-13T22:07:16.151Z",
    "type": "cve",
    "title": "CVE-2026-32991",
    "source": "hackerone",
    "references": "https://support.cpanel.net/hc/en-us/articles/40437254183959-Security-CVE-2026-32991-cPanel-WHM-WP2-Security-Update-May-13-2026",
    "id": "CVE-2026-32991",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "WebPros cPanel 11.136.0.0\nWebPros cPanel 11.134.0.0\nWebPros cPanel 11.132.0.0\nWebPros cPanel 11.130.0.0\nWebPros cPanel 11.126.0.0\nWebPros cPanel 11.124.0.0\nWebPros cPanel 11.118.0.0\nWebPros cPanel 11.110.0.0\nWebPros WP Squared 11.136.1.0\nWebPros cPanel (CloudLinux 6, CentOS 6) 11.110.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "cPanel",
    "version": "11.136.0.0",
    "vendor": "WebPros",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}