Cyber Resilience

CVE-2026-29203

Medium

Published: 08 May 2026

Modified: 15 May 2026
CVSS v4 score: 5.3
CVSS v4 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0049 (38.7th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-29203 is a medium-severity UNIX Symbolic Link (Symlink) Following (CWE-61) vulnerability in cPanel (inferred from references). Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 38.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing root permissions to be set on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova path under their home directory.
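The flaw class described above, shown as an added example (not cPanel's code): a path-based chmod that follows a symlink, beside a descriptor-based version that refuses one. The function names, the `expected_uid` check and the file names in `demo()` are assumptions constructed for illustration.

```python
import errno
import os
import stat
import tempfile


def chmod_following(path, mode):
    """Unsafe in a privileged process: chmod(2) resolves a symlink to its target."""
    os.chmod(path, mode)


def chmod_nofollow(path, mode, expected_uid=None):
    """Open without following a final symlink, verify the object, then fchmod it."""
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK | os.O_CLOEXEC
    try:
        fd = os.open(path, flags)
    except OSError as exc:
        if exc.errno in (errno.ELOOP, errno.EMLINK):  # the path itself is a symlink
            raise PermissionError(f"refusing to chmod symlink: {path}") from exc
        raise
    try:
        st = os.fstat(fd)  # inspects the opened object, so no check/use race
        if not (stat.S_ISREG(st.st_mode) or stat.S_ISDIR(st.st_mode)):
            raise PermissionError(f"unexpected file type: {path}")
        if expected_uid is not None and st.st_uid != expected_uid:
            raise PermissionError(f"unexpected owner {st.st_uid}: {path}")
        os.fchmod(fd, mode)
    finally:
        os.close(fd)


def demo():
    # Constructed scenario: a stand-in system file and a planted symlink to it.
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "protected.conf")
        link = os.path.join(tmp, "legacy_path")
        open(target, "w").close()
        os.chmod(target, 0o600)
        os.symlink(target, link)
        refused = False
        try:
            chmod_nofollow(link, 0o644)
        except PermissionError:
            refused = True
        after_safe = stat.S_IMODE(os.stat(target).st_mode)
        chmod_following(link, 0o644)  # the symlink is followed to the target
        after_unsafe = stat.S_IMODE(os.stat(target).st_mode)
        return refused, after_safe, after_unsafe
```

`O_NOFOLLOW` covers only the last path component, so a privileged caller working under a user-controlled directory also needs a `dir_fd` walk or a privilege drop to the owning user before touching the path.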

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1222.002 Linux and Mac Permissions (tactic: Defense Impairment)
Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.

Why these techniques?

A symlink-following chmod running with root privileges directly enables local privilege escalation (T1068) and arbitrary Linux file and directory permission changes (T1222.002).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-33711 (shared CWE-61)
CVE-2026-22767 (shared CWE-61)
CVE-2026-24018 (shared CWE-61)
CVE-2026-21916 (shared CWE-61)
CVE-2026-39860 (shared CWE-61)
CVE-2026-34078 (shared CWE-61)
CVE-2026-7819 (shared CWE-61)
CVE-2025-55345 (shared CWE-61)
CVE-2025-33225 (shared CWE-61)
CVE-2026-6475 (shared CWE-61)

Affected Assets

Cpanel
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References