Home
HIGH: 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:LDefault status
unaffected
11.136.0.0 (semver) before 11.136.0.9
affected
11.134.0.0 (semver) before 11.134.0.25
affected
11.132.0.0 (semver) before 11.132.0.31
affected
11.130.0.0 (semver) before 11.130.0.22
affected
11.126.0.0 (semver) before 11.126.0.58
affected
11.124.0.0 (semver) before 11.124.0.37
affected
11.118.0.0 (semver) before 11.118.0.66
affected
11.110.0.0 (semver) before 11.110.0.117
affected
11.102.0.0 (semver) before 11.102.0.41
affected
11.94.0.0 (semver) before 11.94.0.30
affected
11.86.0.0 (semver) before 11.86.0.43
affected
Default status
unaffected
11.136.1.0 (semver) before 11.136.1.11
affected
Default status
unaffected
11.110.0.0 (semver) before 11.110.0.116
affected
Description
Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed.
Problem types
CWE-23 Relative Path Traversal
Product status
11.136.0.0 (semver) before 11.136.0.9
11.134.0.0 (semver) before 11.134.0.25
11.132.0.0 (semver) before 11.132.0.31
11.130.0.0 (semver) before 11.130.0.22
11.126.0.0 (semver) before 11.126.0.58
11.124.0.0 (semver) before 11.124.0.37
11.118.0.0 (semver) before 11.118.0.66
11.110.0.0 (semver) before 11.110.0.117
11.102.0.0 (semver) before 11.102.0.41
11.94.0.0 (semver) before 11.94.0.30
11.86.0.0 (semver) before 11.86.0.43
11.136.1.0 (semver) before 11.136.1.11
11.110.0.0 (semver) before 11.110.0.116
References
support.cpanel.net/...el-WHM-WP2-Security-Update-May-08-2026