CPanel's Black Week: 3 New Vulnerabilities Patched After Attack on 44k Servers
6 hours ago
- #cPanel security
- #ransomware attack
- #emergency patch
- On May 8, 2026, cPanel released an emergency patch for three new vulnerabilities (CVE-2026-29201, 29202, 29203) after a ransomware attack compromised 44,000 servers.
- Two vulnerabilities have a high CVSS score of 8.8, including arbitrary Perl code execution and privilege escalation via unsafe symlinks, which could be chained for deeper attacks.
- This is the second Technical Security Release (TSR) in 10 days, triggered by a code audit following the earlier critical authentication bypass (CVE-2026 41940) exploitation.
- Immediate patching steps include running "/scripts/upcp", restarting cpsrvd, verifying the version, and checking for compromises like anomalous logs and .sorry ransomware files.
- The concentration of recent vulnerabilities highlights a broader trend of AI-assisted research speeding up exploits, requiring automated updates and vigilant log reviews for server security.