HomeDefault status
unaffected
11.136.0.0 (semver) before 11.136.0.9
affected
11.134.0.0 (semver) before 11.134.0.25
affected
11.132.0.0 (semver) before 11.132.0.31
affected
11.130.0.0 (semver) before 11.130.0.22
affected
11.126.0.0 (semver) before 11.126.0.58
affected
11.124.0.0 (semver) before 11.124.0.37
affected
11.118.0.0 (semver) before 11.118.0.66
affected
11.110.0.0 (semver) before 11.110.0.116
affected
11.110.0.0 (semver) before 11.110.0.117
affected
11.102.0.0 (semver) before 11.102.0.41
affected
11.94.0.0 (semver) before 11.94.0.30
affected
11.86.0 (semver) before 11.86.0.43
affected
Default status
unaffected
11.136.1.0 (semver) before 11.136.1.10
affected
Default status
unaffected
11.110.0.0 (semver) before 11.110.0.114
affected
Description
Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed.
Problem types
CWE-20 Improper Input Validation
Product status
11.136.0.0 (semver) before 11.136.0.9
11.134.0.0 (semver) before 11.134.0.25
11.132.0.0 (semver) before 11.132.0.31
11.130.0.0 (semver) before 11.130.0.22
11.126.0.0 (semver) before 11.126.0.58
11.124.0.0 (semver) before 11.124.0.37
11.118.0.0 (semver) before 11.118.0.66
11.110.0.0 (semver) before 11.110.0.116
11.110.0.0 (semver) before 11.110.0.117
11.102.0.0 (semver) before 11.102.0.41
11.94.0.0 (semver) before 11.94.0.30
11.86.0 (semver) before 11.86.0.43
11.136.1.0 (semver) before 11.136.1.10
11.110.0.0 (semver) before 11.110.0.114
References
support.cpanel.net/...el-WHM-WP2-Security-Update-May-08-2026