cPanel security advisory (AV26-437) 

Serial number: AV26-437
Date: May 8, 2026

On May 8, 2026, cPanel published security advisories to address vulnerabilities in the following product:

• cPanel & WebHost Manager (WHM) software – versions prior to 11.136.0.9, 11.134.0.25, 11.132.0.31, 11.130.0.22, 11.126.0.58, 11.124.0.37, 11.118.0.66, 11.110.0.116, 11.110.0.117, 11.102.0.41, 11.94.0.30, 11.86.0.43 and WP Squared 11.136.1.10

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Security: CVE-2026-29201 - cPanel & WHM / WP2 Security Update - May 08, 2026
• Security: CVE-2026-29202 - cPanel & WHM / WP2 Security Update - May 08, 2026
• Security: CVE-2026-29203 - cPanel & WHM / WP2 Security Update - May 08, 2026
• cPanel Support Topics