{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/cpanel--webhost-manager-whm-software--11.132.0.32/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["cPanel \u0026 WebHost Manager (WHM) software \u003c 11.86.0.44","cPanel \u0026 WebHost Manager (WHM) software \u003c 11.94.0.31","cPanel \u0026 WebHost Manager (WHM) software \u003c 11.102.0.42","cPanel \u0026 WebHost Manager (WHM) software \u003c 11.110.0.118","cPanel \u0026 WebHost Manager (WHM) software \u003c 11.118.0.67","cPanel \u0026 WebHost Manager (WHM) software \u003c 11.124.0.38","cPanel \u0026 WebHost Manager (WHM) software \u003c 11.126.0.59","cPanel \u0026 WebHost Manager (WHM) software \u003c 11.130.0.23","cPanel \u0026 WebHost Manager (WHM) software \u003c 11.132.0.32","cPanel \u0026 WebHost Manager (WHM) software \u003c 11.134.0.26","cPanel \u0026 WebHost Manager (WHM) software \u003c 11.136.0.10","WP Squared 11.136.1.12"],"_cs_severities":["medium"],"_cs_tags":["cpanel","vulnerability","webserver"],"_cs_type":"advisory","_cs_vendors":["cPanel"],"content_html":"\u003cp\u003eOn May 13, 2026, cPanel published security advisories addressing multiple vulnerabilities affecting cPanel \u0026amp; WebHost Manager (WHM) software. These vulnerabilities impact versions prior to 11.86.0.44, 11.94.0.31, 11.102.0.42, 11.110.0.118, 11.118.0.67, 11.124.0.38, 11.126.0.59, 11.130.0.23, 11.132.0.32, 11.134.0.26, 11.136.0.10, and WP Squared 11.136.1.12. Successful exploitation of these vulnerabilities could lead to various impacts, including unauthorized access, information disclosure, or remote code execution, depending on the specific flaw. System administrators are urged to apply the necessary updates as soon as possible to mitigate potential risks. The specific nature of the vulnerabilities is not detailed in this advisory.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable cPanel \u0026amp; WHM instance running an outdated version.\u003c/li\u003e\n\u003cli\u003eAttacker leverages publicly available exploit code or develops a custom exploit based on disclosed vulnerability details.\u003c/li\u003e\n\u003cli\u003eAttacker sends a malicious HTTP request to the targeted cPanel \u0026amp; WHM server, triggering the vulnerability.\u003c/li\u003e\n\u003cli\u003eIf successful, the attacker gains unauthorized access to the cPanel \u0026amp; WHM system.\u003c/li\u003e\n\u003cli\u003eAttacker escalates privileges within the cPanel \u0026amp; WHM environment, potentially gaining root access.\u003c/li\u003e\n\u003cli\u003eAttacker deploys a web shell or other persistent backdoor for continued access and control.\u003c/li\u003e\n\u003cli\u003eAttacker uses the compromised system to launch further attacks, such as defacement, data exfiltration, or malware distribution.\u003c/li\u003e\n\u003cli\u003eAttacker attempts to move laterally within the network, compromising other systems and resources.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities in cPanel \u0026amp; WHM could lead to significant consequences for web hosting providers and their customers. Impacts may include unauthorized access to sensitive data, defacement of websites, disruption of services, and potential financial losses. The number of affected systems is potentially large, given the widespread use of cPanel \u0026amp; WHM in the web hosting industry.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade cPanel \u0026amp; WebHost Manager (WHM) software to the latest versions (11.86.0.44, 11.94.0.31, 11.102.0.42, 11.110.0.118, 11.118.0.67, 11.124.0.38, 11.126.0.59, 11.130.0.23, 11.132.0.32, 11.134.0.26, 11.136.0.10 and WP Squared 11.136.1.12 or later) as recommended in the cPanel Security advisory.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity that may indicate exploitation attempts, focusing on unusual HTTP requests and error codes (webserver category).\u003c/li\u003e\n\u003cli\u003eImplement a web application firewall (WAF) with rulesets designed to detect and block common cPanel \u0026amp; WHM exploits (webserver category).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T18:41:54Z","date_published":"2026-05-13T18:41:54Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cpanel-vulns/","summary":"cPanel released security advisories addressing vulnerabilities in cPanel \u0026 WebHost Manager (WHM) software versions prior to 11.86.0.44, 11.94.0.31, 11.102.0.42, 11.110.0.118, 11.118.0.67, 11.124.0.38, 11.126.0.59, 11.130.0.23, 11.132.0.32, 11.134.0.26, 11.136.0.10 and WP Squared 11.136.1.12.","title":"cPanel \u0026 WHM Multiple Vulnerabilities","url":"https://feed.craftedsignal.io/briefs/2026-05-cpanel-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — CPanel \u0026 WebHost Manager (WHM) Software \u003c 11.132.0.32","version":"https://jsonfeed.org/version/1.1"}