Severe vulnerability found in cPanel and WHM, exact information is blacklisted for security


cPanel and WHM users are encouraged to update their products immediately

The security team at cPanel has released a patch to update a major security vulnerability found within the cPanel and WHM products.
Outlined in the company’s cPanel TSR-2016-0001 Security Announcement, the new build contains several fixes that will address multiple vulnerabilities. It is important to note that at least one of these security vulnerabilities is rated 10 out of 10, the highest level cPanel has on their security scale that ranks the potential severity of a vulnerability if exploited.
According to cPanel’s threat assessment documentation, “A value of 10 indicates the most severe vulnerabilities.”
The official release goes on to say that, in addition to the level 10 threat, “This Targeted Security Release addresses 20 vulnerabilities in cPanel & WHM software.”
The release states the update will address known vulnerabilities in the following cPanel and WHM versions:
  • and Greater
  • and Greater
  • and Greater
  • and Greater
What’s interesting to note about this release is that the cPanel team has decided to keep the information private. They are not saying what the exploit is, or how it could impact a system. This is being done in an effort to mitigate malicious attackers attempting to take advantage of the high-level vulnerability.
By default, the cPanel and WHM tools are configured to automatically update and install new security vulnerability patches when they are released. However, if you have changed this default setting, you will need to manually update to the most secure version in order to close this vulnerability as a potential exploit against your systems.
Due to the potential severity of the security vulnerability, cPanel has extended its blackout date and will keep the exact nature of the vulnerability — and subsequent patch — private for an extended period of time.
Works Cited / For Further Reading:
cPanel TSR-2016-0001 Security Announcement. (
cPanel Security Level Documentation. (cPanel Knowledge Base