HomeDefault status
unaffected
11.136.0.0 (semver) before 11.136.0.9
affected
11.134.0.0 (semver) before 11.134.0.25
affected
11.132.0.0 (semver) before 11.132.0.31
affected
11.130.0.0 (semver) before 11.130.0.22
affected
11.126.0.0 (semver) before 11.126.0.58
affected
11.124.0.0 (semver) before 11.124.0.37
affected
11.118.0.0 (semver) before 11.118.0.66
affected
11.110.0.0 (semver) before 11.110.0.116
affected
11.110.0.0 (semver) before 11.110.0.117
affected
11.102.0.0 (semver) before 11.102.0.41
affected
11.94.0.0 (semver) before 11.94.0.30
affected
11.86.0.0 (semver) before 11.86.0.43
affected
Default status
unaffected
11.110.0.0 (semver) before 11.110.114
affected
Default status
unaffected
11.136.1.0 (semver) before 11.136.1.10
affected
Description
A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova path under their home directory.
Problem types
CWE-61 UNIX Symbolic Link (Symlink) Following
Product status
11.136.0.0 (semver) before 11.136.0.9
11.134.0.0 (semver) before 11.134.0.25
11.132.0.0 (semver) before 11.132.0.31
11.130.0.0 (semver) before 11.130.0.22
11.126.0.0 (semver) before 11.126.0.58
11.124.0.0 (semver) before 11.124.0.37
11.118.0.0 (semver) before 11.118.0.66
11.110.0.0 (semver) before 11.110.0.116
11.110.0.0 (semver) before 11.110.0.117
11.102.0.0 (semver) before 11.102.0.41
11.94.0.0 (semver) before 11.94.0.30
11.86.0.0 (semver) before 11.86.0.43
11.110.0.0 (semver) before 11.110.114
11.136.1.0 (semver) before 11.136.1.10
References
support.cpanel.net/...el-WHM-WP2-Security-Update-May-08-2026