CVE-2026-29205

HIGH NVD

CVSS Score 8.6

Severity HIGH

Published May 13, 2026

Vendor unknown

Description

Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints.

References

https://support.cpanel.net/hc/en-us/articles/40437020299927-Security-CVE-2026-29205-cPanel-WHM-WP2-Security-Update-May-13-2026