cPanel has released new builds for all public update tiers of the cPanel control panel. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.
cPanel has rated these updates as having CVSSv3 scores ranging from 3.3 to 7.4.
There is no reason to believe that these vulnerabilities have been made known to the public. As such, cPanel will only release limited information about the vulnerabilities at this time.
If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.
These issue are resolved in the following builds:
- 80.0.5 & Greater
- 78.0.24 & Greater