We have identified a new security vulnerability in cPanel & WHM through a trusted disclosure source. Our engineering team is actively developing patches, and we are reaching out early so you can prepare your servers to update as soon as it is available.

To help protect customers prior to patch availability, technical details about vulnerabilities will be released alongside the patches. Full technical details will be published on our support page at the same time the patch is released. The CVE IDs are CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203.

Patch & Affected Versions
The patch will be available on May 08 at 12:00pm EST and will be distributed through the standard cPanel automatic update process and through the manual update process. We strongly recommend performing a manual update with /scripts/upcp once the patch is made available.