
Critical cPanel Vulnerability Enables Remote Code Execution

CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 31st, 2026
Detected April 1st, 2026

Summary

CERT-Bund issued a critical security advisory (WID-SEC-2026-0939) regarding a remote code execution vulnerability in cPanel cPanel/WHM software. The vulnerability is in the perl-YAML-Syck component and carries a CVSS Base Score of 9.1. Affected versions include cPanel/WHM versions prior to 110.0.93, 126.0.50, and 134.0.13. A remote, unauthenticated attacker can exploit this flaw to execute arbitrary code or cause denial of service.

What changed

CERT-Bund published security advisory WID-SEC-2026-0939 warning of a critical vulnerability in cPanel cPanel/WHM (perl-YAML-Syck) with CVSS Base Score 9.1. The flaw allows remote, unauthenticated attackers to potentially execute arbitrary code or cause denial of service. Affected products are cPanel cPanel/WHM versions below 110.0.93, 126.0.50, and 134.0.13.

Organizations running vulnerable cPanel installations on Linux or UNIX systems should immediately update to one of the patched versions (110.0.93, 126.0.50, or 134.0.13) or apply available mitigations. System administrators should prioritize patching internet-facing hosting servers, as remote exploitation is possible without authentication.

What to do next

  1. Update cPanel cPanel/WHM to version 110.0.93, 126.0.50, or 134.0.13 or later
  2. Apply available mitigations if immediate patching is not feasible
  3. Audit systems for indicators of compromise given remote code execution capability
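
A fleet check against the fixed builds listed above, as an added example that is not part of the CERT-Bund advisory or of cPanel's own tooling. It assumes version strings of the form `110.0.93` or `11.110.0.93` (the optional `11.` prefix, the host names and the inventory format are assumptions) and that each fixed build applies to its own release branch; versions on branches the advisory does not name are marked for manual review.

```python
import re

# Fixed builds per release branch, taken from the advisory text.
# Assumption: each threshold applies to its own branch (110, 126, 134).
FIXED = {110: (110, 0, 93), 126: (126, 0, 50), 134: (134, 0, 13)}

# Constructed sample inventory: "<host> <reported cPanel/WHM version>".
SAMPLE_INVENTORY = """\
web01.example.test 11.110.0.92
web02.example.test 110.0.93
web03.example.test 126.0.49
web04.example.test 134.0.13
web05.example.test 130.0.7
web06.example.test unknown
"""

def parse_version(raw):
    """Return (major, minor, build) from '110.0.93' or '11.110.0.93'."""
    m = re.fullmatch(r"(?:11\.)?(\d+)\.(\d+)\.(\d+)", raw.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {raw!r}")
    return tuple(int(p) for p in m.groups())

def classify(raw):
    """Return 'patched', 'vulnerable' or 'review' for one version string."""
    try:
        ver = parse_version(raw)
    except ValueError:
        return "review"  # unparseable input must not pass as patched
    fixed = FIXED.get(ver[0])
    if fixed is not None:
        return "patched" if ver >= fixed else "vulnerable"
    # Branch not named in the advisory: newer than the highest fixed
    # build counts as patched (assumption), anything older needs a check.
    return "patched" if ver > max(FIXED.values()) else "review"

def audit(inventory):
    """Map each host in the inventory text to its classification."""
    results = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, raw = line.partition(" ")
        results[host] = classify(raw)
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:22} {status}")
```

Hosts reported as `vulnerable` or `review` are the ones to patch first and to include in the compromise audit from step 3.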

Source document (simplified)

[WID-SEC-2026-0939] cPanel cPanel/WHM (perl-YAML-Syck): Vulnerability allows code execution and DoS

  • CVSS Base Score: 9.1 (critical)
  • CVSS Temporal Score: 7.9 (high)
  • Remote attack: yes
  • Date: 31.03.2026
  • Status as of: 01.04.2026
  • Mitigation: yes

Affected systems

Operating system

  • Linux
  • UNIX

Product description

cPanel is software for managing web hosting sites. It lets the end user view statistics, create new user accounts, change mail settings, and much more.

Products

31.03.2026

  • cPanel cPanel/WHM <110.0.93
  • cPanel cPanel/WHM <126.0.50
  • cPanel cPanel/WHM <134.0.13

Attack

A remote, anonymous attacker can exploit a vulnerability in cPanel cPanel/WHM to potentially execute arbitrary code or cause a denial-of-service condition.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency: CERT-Bund
Published: March 31st, 2026
Instrument: Guidance
Legal weight: Non-binding
Stage: Final
Change scope: Minor
Document ID: WID-SEC-2026-0939

Who this affects

Applies to: Technology companies, Government agencies, Telecommunications firms
Industry sector: 5112 Software & Technology, 5170 Telecommunications, 5182 Data Processing & Hosting
Activity scope: Vulnerability Management, Server Administration, Patch Management
Threshold: cPanel cPanel/WHM versions <110.0.93, <126.0.50, <134.0.13
Geographic scope: Germany (DE)

Taxonomy

Primary area: Cybersecurity
Operational domain: IT Security
Compliance frameworks: NIST CSF, NIST 800-53
Topics: Data Privacy, Telecommunications
