Improper Authorization in cPanel/WHM Affects Team Member Privileges
CVE-2026-32991

7.1HIGH

Key Information:

Vendor: Webpros
Status: Cpanel; WP Squared; Cpanel (cloudlinux 6, Centos 6)
Vendor: CVE Published:; 13 May 2026

What is CVE-2026-32991?

This vulnerability allows unauthorized escalation of privileges within cPanel/WHM, where team members can gain elevated access rights, potentially compromising sensitive accounts. The issue stems from inadequate checks on team member privileges, enabling a member to act as a team owner. It is essential for users to apply the latest security updates to protect against this risk and secure their environments.

Affected Version(s)

cPanel 11.136.0.0 < 11.136.0.10

cPanel 11.134.0.0 < 11.134.0.26

cPanel 11.132.0.0 < 11.132.0.32

References

https://support.cpanel.net/hc/en-us/articles/404372541839...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
Mar 17, 2026

CVE-2026-32991 Data

JSON

Webpros

What is CVE-2026-32991?

Affected Version(s)

References

CVSS V3.1

Timeline