cPanel CVE-2026-29205: arbitrary file reads via cpdavd make rapid patching the right move
cPanel says CVE-2026-29205 allowed arbitrary file reads through certain cpdavd endpoints and required an additional backported fix on May 14. This alert covers affected versions, emergency exposure controls, and verification steps.
Eng. Hussein Ali Al-AssaadMay 19, 20264 min read