Bypass of SMTP Greylisting Protection in cPanel Software by cPanel, Inc.
CVE-2020-26099

7.5HIGH

Key Information:

Vendor: Cpanel
Status: Cpanel
Vendor: CVE Published:; 25 September 2020

Summary

A vulnerability in cPanel before version 88.0.3 allows attackers to circumvent the SMTP greylisting protection mechanism. This bypass permits unauthorized email transmission, posing significant security risks to servers utilizing affected cPanel versions. System administrators are advised to update to the latest version to mitigate this vulnerability and enhance their email security.

References

https://docs.cpanel.net/changelogs/88-change-log/

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 25, 2020
Vulnerability Reserved
Sep 25, 2020