HIGHCVE-2026-32992Published 2026-05-13Modified 2026-05-14CNA hackerone

CVE-2026-32992: SSL verification is disabled in the DNS Cluster system

SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials.

CVSS v3.1: 8.2
Severity: HIGH
Fixed in: 11.126.0.59
Affected Products: 2

Fix available

11.126.0.5911.130.0.2311.132.0.3211.134.0.2611.136.0.1011.136.1.12

Affected packages

WebPros / cPanel
< 11.136.0.10 (from 11.136.0.0) · < 11.134.0.26 (from 11.134.0.0) · < 11.132.0.32 (from 11.132.0.0) · < 11.130.0.23 (from 11.130.0.0) · < 11.126.0.59 (from 11.126.0.0)
WebPros / WP Squared
< 11.136.1.12 (from 11.126.1.0)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

References

support.cpanel.net

Metrics

Fix available