cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privilege escalation, code execution, and denial-of-service. The shortcomings have been patched in the following versions - cPanel has released 110.0.114 as a direct update for customers who are still on CentOS 6 or CloudLinux 6. Users are advised to update to the latest versions for optimal protection. While there is no evidence that the vulnerabilities have been exploited in the wild, the disclosure comes days after another critical flaw in the product (CVE-2026-41940) has been weaponized by threat actors as a zero-day to deliver Mirai botnet variants and a ransomware strain called Sorry.