CVE-2026-29206

HIGH

Webpros cPanel - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Title source: rule

Description

Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled.

References (1)

Core 1

Core References

https://support.cpanel.net/hc/en-us/articles/40437213099159-Security-CVE-2026-29206-cPanel-WHM-WP2-Security-Update-May-13-2026

Scores

CVSS v3 8.1

EPSS 0.0031

EPSS Percentile 22.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-89

Status published

Products (13)

WebPros/cPanel 11.102.0.0 - 11.102.0.42

WebPros/cPanel 11.110.0.0 - 11.110.0.119

WebPros/cPanel 11.118.0.0 - 11.118.0.67

WebPros/cPanel 11.124.0.0 - 11.124.0.38

WebPros/cPanel 11.126.0.0 - 11.126.0.59

WebPros/cPanel 11.130.0.0 - 11.130.0.23

WebPros/cPanel 11.132.0.0 - 11.132.0.32

WebPros/cPanel 11.134.0.0 - 11.134.0.26

WebPros/cPanel 11.136.0.0 - 11.136.0.10

WebPros/cPanel 11.30.0.0 - 11.86.0.44

... and 3 more

Published May 13, 2026

Tracked Since May 14, 2026