A vulnerability has been found in cPanel up to 88.0.2 (Hosting Control Software) and classified as critical. It affects an unknown part of the Exim Filter component.
Manipulation with an unknown input leads to a privilege escalation vulnerability (code execution). The CWE definition for the vulnerability is CWE-94. It is known to affect confidentiality, integrity, and availability.
The weakness was disclosed on 09/25/2020. The vulnerability has been known as CVE-2020-26098 since 09/25/2020. The attack can be launched remotely. Neither technical details nor an exploit are publicly available.
Other vulnerabilities can be found in the following list:
cPanel Protect SMTP Greylist privilege escalation CVE-2020-26099
cPanel csh Jail privilege escalation CVE-2020-26100
cPanel RNDC unknown vulnerability CVE-2020-26101
cPanel Auth Policy API privilege escalation CVE-2020-26102
cPanel mailman weak authentication CVE-2020-26103
cPanel SRS Secret unknown vulnerability CVE-2020-26104
cPanel chkservd Test Credential unknown vulnerability CVE-2020-26105
cPanel Permission privilege escalation CVE-2020-26106
cPanel PowerDNS API Key weak authentication CVE-2020-26107
cPanel File Extension Remote Code Execution CVE-2020-26108
cPanel Protection Mechanism privilege escalation CVE-2020-26109
cPanel DNS Zone Manager DNSSEC Interface cross site scripting CVE-2020-26110
cPanel WHM Edit DNS Zone Interface cross site scripting CVE-2020-26111
cPanel Email Quota Cache privilege escalation CVE-2020-26112
cPanel WHM Manage API Tokens Interface cross site scripting CVE-2020-26113
cPanel Cron Jobs interface cross site scripting CVE-2020-26114
cPanel Cron Editor Interface cross site scripting CVE-2020-26115
Upgrading to version 88.0.3 eliminates this vulnerability.