CVE-2026-29203
Received Received - Intake
chmod Symlink Following in cPanel Nova Plugin

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: HackerOne

Description
A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova path under their home directory.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-29203
EUVD
EUVD-2026-28812
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
cpanel whm From v110.0.114 (inc)
wp_squared wp_squared *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-61 The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows an authenticated cPanel user to set root permissions on arbitrary system files or directories via unsafe symlink handling, potentially leading to denial of service or local privilege escalation.

Such unauthorized privilege escalation and potential system compromise could impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls on access to sensitive data and system integrity.

Organizations subject to these regulations must address this vulnerability promptly by applying the recommended patches to prevent unauthorized access and maintain compliance.

Executive Summary

This vulnerability exists in the cPanel Nova plugin's Cpanel::Nova::Connector where a chmod call follows symbolic links (symlinks). This behavior allows an authenticated cPanel user to create a symlink at a user-controlled legacy Nova path within their home directory, which can lead to setting root permissions on arbitrary system files or directories.

Impact Analysis

The vulnerability can cause a denial of service (DoS) or local privilege escalation. Specifically, an attacker who is an authenticated cPanel user can exploit this to gain elevated permissions on system files or directories, potentially compromising system integrity or availability.

Detection Guidance

Detection of this vulnerability involves verifying the version of cPanel & WHM or WP Squared installed on your system to check if it is vulnerable or patched.

You can use commands to check the current cPanel version, such as:

  • rpm -qa | grep cpanel
  • cat /usr/local/cpanel/version

Comparing the installed version against the patched version (v110.0.114 or later) will help determine if your system is vulnerable.

Mitigation Strategies

The immediate mitigation step is to update your cPanel & WHM or WP Squared installation to the patched version that addresses this vulnerability.

For systems running CentOS 6 or CloudLinux 6, update directly to version v110.0.114.

Use the official update commands provided by cPanel to upgrade your system and verify the update afterward.

Applying this update will fix the unsafe symlink handling error and prevent potential denial of service or privilege escalation attacks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-29203. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart