HIGHCVE-2026-29203Published Modified CNA hackerone
CVE-2026-29203: A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories
A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova path under their home directory.
Metrics
- CVSS v3.1
- 8.8
- Severity
- HIGH
- Fixed in
- 11.86.0.43
- Affected Products
- 3
Fix available
11.86.0.4311.94.0.3011.102.0.4111.110.0.11611.110.0.11711.118.0.6611.124.0.3711.126.0.5811.130.0.2211.132.0.3111.134.0.2511.136.0.911.136.1.10
Affected packages
- WebPros / cPanel< 11.136.0.9 (from 11.136.0.0) · < 11.134.0.25 (from 11.134.0.0) · < 11.132.0.31 (from 11.132.0.0) · < 11.130.0.22 (from 11.130.0.0) · < 11.126.0.58 (from 11.126.0.0) · < 11.124.0.37 (from 11.124.0.0)
- WebPros / cPanel (CloudLinux 6, CentOS 6)< 11.110.0.116 (from 11.110.0.0)
- WebPros / WP Squared< 11.136.1.10 (from 11.136.1.0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HReferences