cPanel Vulnerability Targets Millions of Hosting Accounts

The security team at WHC Labs disclosed a critical vulnerability in cPanel, rated CVSS 8.8, that allows an attacker with a regular user account to escalate privileges to root or administrator level.

Technical Details

The vulnerability is a flaw in the WHM API validation module: unverified parameters can be passed to execute commands with elevated privileges. The flaw exists in cPanel versions prior to 122.0.8.

Affected Versions

  • cPanel & WHM 120.x and earlier
  • cPanel & WHM 122.x before update 122.0.8

Fix and Recommendations

  1. Update cPanel immediately by running: /scripts/upcp --force
  2. Review access logs for suspicious activity
  3. Enable two-factor authentication on WHM accounts
  4. Restrict WHM access to specific IPs
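
A version check to run before and after step 1, as an added example that is not code from WHC Labs or cPanel: it compares a version string with the fixed build 122.0.8 named above. The path /usr/local/cpanel/version and the legacy "11." prefix are assumptions about the host, and the function names are hypothetical.

```shell
#!/bin/sh
FIXED_VERSION="122.0.8"                        # fixed build, from the advisory
VERSION_FILE="/usr/local/cpanel/version"       # assumed location of the version string

# Print "major minor build" for "122.0.8" or the legacy form "11.122.0.8".
# Returns 1 when the string is not a plain three-part dotted version.
normalize() {
    v=$1
    case "$v" in
        11.*.*.*) v=${v#11.} ;;                # drop assumed legacy "11." prefix
    esac
    case "$v" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # reject empty or non-numeric input
    esac
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    [ $# -eq 3 ] || return 1
    echo "$1 $2 $3"
}

# Exit status: 0 = affected (older than the fix), 1 = fixed, 2 = unparseable.
is_affected() {
    cur=$(normalize "$1") || return 2
    fix=$(normalize "$FIXED_VERSION") || return 2
    set -- $cur $fix                           # $1-$3 installed, $4-$6 fixed
    [ "$1" -lt "$4" ] && return 0
    [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0
    [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ] && return 0
    return 1
}

# Print a one-line verdict for a version string.
verdict() {
    rc=0
    is_affected "$1" || rc=$?
    case "$rc" in
        0) echo "AFFECTED: $1 is older than $FIXED_VERSION, run /scripts/upcp --force" ;;
        1) echo "OK: $1 is at or above $FIXED_VERSION" ;;
        *) echo "UNKNOWN: cannot parse version '$1'" ;;
    esac
}

# On a cPanel host, report on the installed version; elsewhere do nothing.
if [ -r "$VERSION_FILE" ]; then
    verdict "$(cat "$VERSION_FILE")"
fi
```

An UNKNOWN verdict means the version string did not parse and should be checked by hand rather than treated as fixed.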