CVE-2026-32991

HIGH7.1JSON export Create alert

Description

Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

None

Affected products

WebPros / cPanel11.136.0.0 – 11.136.0.10
WebPros / cPanel11.134.0.0 – 11.134.0.26
WebPros / cPanel11.132.0.0 – 11.132.0.32
WebPros / cPanel11.130.0.0 – 11.130.0.23
WebPros / cPanel11.126.0.0 – 11.126.0.59
WebPros / cPanel11.124.0.0 – 11.124.0.38
WebPros / cPanel11.118.0.0 – 11.118.0.67
WebPros / cPanel11.110.0.0 – 11.110.0.119
WebPros / cPanel (CloudLinux 6, CentOS 6)11.110.0.0 – 11.110.0.118
WebPros / WP Squared11.136.1.0 – 11.136.1.12

References

MISChttps://support.cpanel.net/hc/en-us/articles/40437254183959-Security-CVE-2026-32991-cPanel-WHM-WP2-Security-Update-May-13-2026