SSL Verification Bypass in cPanel and WHM Software
CVE-2026-32992

8.2HIGH

Key Information:

Vendor: Webpros
Status: Cpanel; WP Squared
Vendor: CVE Published:; 13 May 2026

What is CVE-2026-32992?

A security flaw in cPanel and WHM allows SSL verification to be disabled within the DNS Cluster system. This poses a significant risk as malicious actors might exploit this weakness to perform man-in-the-middle attacks, potentially capturing sensitive user credentials. It is crucial for users of cPanel and WHM to update to the latest versions to mitigate this vulnerability.

Affected Version(s)

cPanel 11.136.0.0 < 11.136.0.10

cPanel 11.134.0.0 < 11.134.0.26

cPanel 11.132.0.0 < 11.132.0.32

References

https://support.cpanel.net/hc/en-us/articles/404372419876...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
Mar 17, 2026

CVE-2026-32992 Data

JSON

Webpros

What is CVE-2026-32992?

Affected Version(s)

References

CVSS V3.1

Timeline