Home / Vulnerability Intelligence / CVE-2026-29203

CVE-2026-29203 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: May 8, 2026

cPanel Nova - Privilege Escalation & Denial of Service

Published: May 8, 2026Updated: May 8, 2026Remote Exploitable

Overview

cPanel Nova plugin contains a local privilege escalation and denial of service vulnerability caused by a chmod call following symlinks, letting authenticated users set root permissions on arbitrary files, exploit requires authenticated user symlink placement.

Severity & Score

Severity: High

CVSS Score: 8.8

Impact

Authenticated users can escalate privileges or cause denial of service by setting root permissions on arbitrary files.

Mitigation

Update to the latest version of the cPanel Nova plugin that fixes symlink handling.

References

https://support.cpanel.net/hc/en-us/articles/40311543760407-Security-CVE-2026-29203-cPanel-WHM-WP2-Security-Update-May-08-2026

Related Resources

Details

CVE ID: CVE-2026-29203
Severity: High
CVSS Score: 8.8
Type: broken_access_control
Status: new

CWE

CWE-61

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H