CVE-2026-32992 | THREATINT

Description

SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials.

PUBLISHED Reserved 2026-03-17 | Published 2026-05-13 | Updated 2026-05-14 | Assigner hackerone

HIGH: 8.2CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Problem types

CWE-295 Improper Certificate Validation

Product status

Default status

unaffected

11.136.0.0 (semver) before 11.136.0.10

affected

11.134.0.0 (semver) before 11.134.0.26

affected

11.132.0.0 (semver) before 11.132.0.32

affected

11.130.0.0 (semver) before 11.130.0.23

affected

11.126.0.0 (semver) before 11.126.0.59

affected

Default status

unaffected

11.126.1.0 (semver) before 11.136.1.12

affected

References

support.cpanel.net/...el-WHM-WP2-Security-Update-May-13-2026

cve.org (CVE-2026-32992)

nvd.nist.gov (CVE-2026-32992)

Download JSON