CVE-2026-29205

Published: May 14, 2026 Last Modified: May 14, 2026
HIGH 8.6
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: low
Availability: low

Description

Incorrect privilege management and insufficient path filtering allow reading arbitrary files on the server via the cpdavd attachment download endpoints.

CWE-250: Execution with Unnecessary Privileges

Draft
Common Consequences
Security Scopes Affected:
Confidentiality, Integrity, Availability, Access Control
Potential Impacts:
Gain Privileges or Assume Identity; Execute Unauthorized Code or Commands; Read Application Data; DoS: Crash, Exit, or Restart
Applicable Platforms
Technologies: AI/ML, Mobile
https://support.cpanel.net/hc/en-us/articles/40437020299927-Security-CVE-2026-2…