CVE-2026-29205 - Vulnerability Details - OpenCVE

Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Webpros	Cpanel Wp Squared
Wordpress	Wordpress

No data.

No data.

References

Link	Providers
https://www.spirityenterprise.com/virtual-ciso
https://www.spirityenterprise.com/mdr-for-endpoint
https://support.cpanel.net/hc/en-us/articles/40437020299927-Security-CVE-2026-29205-cPanel-WHM-WP2-Security-Update-May-13-2026

History

Thu, 14 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 14 May 2026 02:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Webpros Webpros cpanel Webpros wp Squared Wordpress Wordpress wordpress
Vendors & Products		Webpros Webpros cpanel Webpros wp Squared Wordpress Wordpress wordpress

Wed, 13 May 2026 23:45:00 +0000

Type	Values Removed	Values Added
Title		File Disclosure via cpdavd Attachment Download Endpoint

Wed, 13 May 2026 22:15:00 +0000

Type	Values Removed	Values Added
Description		Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints.
Weaknesses		CWE-250
References		https://support.cpanel.net/hc/en-us/articles/40437020299927-Security-CVE-2026-29205-cPanel-WHM-WP2-Security-Update-May-13-2026
Metrics		cvssV3_1 `{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2026-05-13T22:06:04.220Z

Updated: 2026-05-14T13:13:52.380Z

Reserved: 2026-03-04T15:00:09.267Z

Link: CVE-2026-29205

Vulnrichment

Updated: 2026-05-14T13:13:43.295Z

NVD

Status : Awaiting Analysis

Published: 2026-05-13T22:16:42.817

Modified: 2026-05-14T18:30:57.103

Link: CVE-2026-29205

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-29205", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2026-03-04T15:00:09.267Z", "datePublished": "2026-05-13T22:06:04.220Z", "dateUpdated": "2026-05-14T13:13:52.380Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints."}], "affected": [{"defaultStatus": "unaffected", "vendor": "WebPros", "product": "cPanel", "versions": [{"version": "11.136.0.0", "status": "affected", "lessThan": "11.136.0.10", "versionType": "semver"}, {"version": "11.134.0.0", "status": "affected", "lessThan": "11.134.0.26", "versionType": "semver"}, {"version": "11.132.0.0", "status": "affected", "lessThan": "11.132.0.32", "versionType": "semver"}, {"version": "11.130.0.0", "status": "affected", "lessThan": "11.130.0.23", "versionType": "semver"}, {"version": "11.126.0.0", "status": "affected", "lessThan": "11.126.0.59", "versionType": "semver"}, {"version": "11.120.0.0", "status": "affected", "lessThan": "11.124.0.38", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "WebPros", "product": "WP Squared", "versions": [{"version": "11.120.1.0", "status": "affected", "lessThan": "11.136.1.12", "versionType": "semver"}]}], "references": [{"url": "https://support.cpanel.net/hc/en-us/articles/40437020299927-Security-CVE-2026-29205-cPanel-WHM-WP2-Security-Update-May-13-2026"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "baseScore": 8.6, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "cweId": "CWE-250", "description": "CWE-250 Execution with Unnecessary Privileges"}]}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-05-13T22:06:04.220Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-14T13:13:34.728020Z", "id": "CVE-2026-29205", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-14T13:13:52.380Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"}}], "affected": [{"vendor": "WebPros", "product": "cPanel", "versions": [{"status": "affected", "version": "11.136.0.0", "lessThan": "11.136.0.10", "versionType": "semver"}, {"status": "affected", "version": "11.134.0.0", "lessThan": "11.134.0.26", "versionType": "semver"}, {"status": "affected", "version": "11.132.0.0", "lessThan": "11.132.0.32", "versionType": "semver"}, {"status": "affected", "version": "11.130.0.0", "lessThan": "11.130.0.23", "versionType": "semver"}, {"status": "affected", "version": "11.126.0.0", "lessThan": "11.126.0.59", "versionType": "semver"}, {"status": "affected", "version": "11.120.0.0", "lessThan": "11.124.0.38", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WebPros", "product": "WP Squared", "versions": [{"status": "affected", "version": "11.120.1.0", "lessThan": "11.136.1.12", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.cpanel.net/hc/en-us/articles/40437020299927-Security-CVE-2026-29205-cPanel-WHM-WP2-Security-Update-May-13-2026"}], "descriptions": [{"lang": "en", "value": "Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-250", "description": "CWE-250 Execution with Unnecessary Privileges"}]}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-05-13T22:06:04.220Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-29205", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-14T13:13:34.728020Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-05-14T13:13:43.295Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-29205", "state": "PUBLISHED", "dateUpdated": "2026-05-13T22:06:04.220Z", "dateReserved": "2026-03-04T15:00:09.267Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2026-05-13T22:06:04.220Z", "assignerShortName": "hackerone"}, "dataVersion": "5.2"}