
Cpanel CVE-2026-29206

EUVD: EUVD-2026-30203 | HIGH
SQL Injection (CWE-89)
2026-05-13 | hackerone | GHSA-7pf6-43fc-mx36
CVSS 3.1: 8.1 (NVD)

Severity by source

NVD (PRIMARY): 8.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Jun 08, 2026 - 08:44 (vuln.today)
Patch available: May 14, 2026 - 02:01 (EUVD)
CVE Published: May 13, 2026 - 22:07 (nvd), HIGH 8.1

Description (CVE.org)

Insufficient sanitization of SQL queries in the sqloptimizer utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled.

Analysis (AI)

SQL injection in the cPanel/WHM sqloptimizer utility script allows attackers to execute arbitrary SQL queries as the MySQL root user when Slow Query logging is enabled. The flaw affects multiple cPanel branches (11.86 through 11.136), WP Squared, and the CloudLinux 6/CentOS 6 builds, with no public exploit identified at time of analysis. …


Recommended Action (AI)

Within 24 hours: inventory all cPanel/WHM deployments and identify which have Slow Query logging enabled (prioritize highest-risk systems first). …
