Patch for CVE-2026-29205 incomplete?

hosta

• May 14, 2026 08:57

Hi,

someone on X has a post with information, that the latest patch CVE-2026-29205 is/seems to be incomplete?

https://x.com/infosec_au/status/2054749885258449252

cPRex is this fake or something you are looking into?

As this is public information maybe a heads-up would be nice - also concerning the mentioned workaround (disabling ports 2079/2080).

Thank you!

• 

  cPRex Jurassic Moderator

  • May 14, 2026 13:15

  Hey there!  This is real, and we were notified through a responsible disclosure from an external reporter and we're actively investigating.  More updates to come!

  0
• 

  cPRex Jurassic Moderator

  • May 14, 2026 15:53

  Updates are live now!  https://support.cpanel.net/hc/en-us/articles/40437020299927-Security-CVE-2026-29205-cPanel-WHM-WP2-Security-Update-May-13-2026

  0
• 

  hosta

  • May 14, 2026 18:32

  cPRex thank you for the update!

  0
• 

  cPRex Jurassic Moderator

  • May 14, 2026 18:33

  Sure thing!

  0

Please sign in to leave a comment.