Skip to main content

Cpanel Cloudlinux 6 Centos 6

2 CVEs product

Monthly

CVE-2026-29206 HIGH PATCH This Week

SQL injection in the cPanel/WHM sqloptimizer utility script allows attackers to execute arbitrary SQL queries as the MySQL root user when Slow Query logging is enabled. The flaw affects multiple cPanel branches (11.86 through 11.136), WP Squared, and the CloudLinux 6/CentOS 6 builds, with no public exploit identified at time of analysis. EPSS is low (0.03%) and SSVC marks exploitation as 'none', but technical impact is rated total because the injection runs with full database privileges.

SQLi Cpanel Wp Squared Cpanel Cloudlinux 6 Centos 6
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-32991 HIGH PATCH This Week

Privilege escalation in cPanel and WP Squared allows an authenticated team member account to elevate privileges to the team owner, granting full control over the hosting account. The flaw stems from improper authorization checks within the team-member privilege model and carries a CVSS 7.1 (high integrity impact). EPSS is very low (0.03%) and no public exploit has been identified at time of analysis, but a vendor patch is available.

Authentication Bypass Cpanel Wp Squared Cpanel Cloudlinux 6 Centos 6
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

SQL injection in the cPanel/WHM sqloptimizer utility script allows attackers to execute arbitrary SQL queries as the MySQL root user when Slow Query logging is enabled. The flaw affects multiple cPanel branches (11.86 through 11.136), WP Squared, and the CloudLinux 6/CentOS 6 builds, with no public exploit identified at time of analysis. EPSS is low (0.03%) and SSVC marks exploitation as 'none', but technical impact is rated total because the injection runs with full database privileges.

SQLi Cpanel Wp Squared +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Privilege escalation in cPanel and WP Squared allows an authenticated team member account to elevate privileges to the team owner, granting full control over the hosting account. The flaw stems from improper authorization checks within the team-member privilege model and carries a CVSS 7.1 (high integrity impact). EPSS is very low (0.03%) and no public exploit has been identified at time of analysis, but a vendor patch is available.

Authentication Bypass Cpanel Wp Squared +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy