PT-2026-40440 · Cpanel · Cpanel & Whm
Published
2026-05-12
·
Updated
2026-05-14
·
CVE-2026-32993
CVSS v3.1
8.3
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
cPanel & WHM (affected versions not specified)
Description
Improper sanitization of the
status query parameter in the '/unprotected/nova error' endpoint allows an unauthenticated attacker to inject arbitrary HTTP headers into the response.Recommendations
Apply the security updates provided by cPanel.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cpanel & Whm