PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45447 cPanel CVE debrief

A security and maintenance update for EasyApache 4 (version 25.66) was released, addressing five CVEs, including four High-severity issues (CVE-2026-45447, CVE-2026-34180, CVE-2026-7383, CVE-2026-9076). The update patches ea-openssl11 to 1.1.1w-8 (for CentOS 7 only) with TuxCare/ELS backports and updates the Passenger ecosystem to v6.1.5. This release aims to enhance security and stability for users of cPanel/WHM.

Vendor: cPanel
Product: cPanel/WHM
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-09
Original CVE updated: 2026-06-16
Advisory published: 2026-06-09
Advisory updated: 2026-06-16

Who should care

System administrators and security teams managing cPanel/WHM environments, particularly those using EasyApache 4, should prioritize this update to mitigate potential security risks associated with the addressed CVEs.

Technical summary

The EasyApache 4 25.66 update specifically addresses CVE-2026-45447, a High-severity vulnerability, along with four other CVEs. It updates ea-openssl11 to 1.1.1w-8 for CentOS 7 and upgrades the Passenger ecosystem components (ea-passenger-src, ea-apache24-mod-passenger, ea-nginx-passenger, ea-ruby27-passenger) to version 6.1.5. These changes are designed to enhance the security posture of cPanel/WHM installations.

Defensive priority

High

Recommended defensive actions

  • Apply the EasyApache 4 25.66 update to patch CVE-2026-45447 and other addressed CVEs.
  • Ensure all components of the Passenger ecosystem are updated to version 6.1.5.
  • Review and apply TuxCare/ELS backports for ea-openssl11 (CentOS 7 only).
  • Monitor cPanel/WHM environments for any signs of exploitation attempts related to these CVEs.
  • Regularly review and update EasyApache 4 configurations to align with the latest security recommendations.
  • Consider implementing additional security measures, such as enhanced monitoring and intrusion detection systems.
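
One way to check a host against the package levels named above, as an added example that is not cPanel's or this page's own tooling. It assumes "1.1.1w-8" means RPM version 1.1.1w with release 8, uses a simplified RPM-style comparison (no epoch, tilde or caret handling), and runs on constructed sample data.

```python
import re

# Fixed levels as stated in this debrief: (version, release or None if not given).
FIXED = {
    "ea-passenger-src": ("6.1.5", None),
    "ea-apache24-mod-passenger": ("6.1.5", None),
    "ea-nginx-passenger": ("6.1.5", None),
    "ea-ruby27-passenger": ("6.1.5", None),
    "ea-openssl11": ("1.1.1w", "8"),  # CentOS 7 only; version/release split is an assumption
}

def vercmp(a, b):
    """Simplified rpmvercmp: compare digit/letter runs; returns -1, 0 or 1."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run sorts newer than letters
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra trailing runs sort newer

def audit(rpm_output):
    """Map each tracked package below its fixed level to its installed version-release."""
    stale = {}
    for line in rpm_output.strip().splitlines():
        name, version, release = line.split()
        if name not in FIXED:
            continue
        fixed_ver, fixed_rel = FIXED[name]
        cmp = vercmp(version, fixed_ver)
        if cmp == 0 and fixed_rel is not None:
            cmp = vercmp(release, fixed_rel)
        if cmp < 0:
            stale[name] = f"{version}-{release}"
    return stale

# Constructed sample in the shape of: rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'
SAMPLE = """\
ea-passenger-src 6.0.23 1.constructed
ea-apache24-mod-passenger 6.1.5 1.constructed
ea-openssl11 1.1.1w 7.constructed
ea-ruby27-passenger 6.1.5 2.constructed
ea-apache24 2.4.62 1.constructed
"""

if __name__ == "__main__":
    for pkg, installed in audit(SAMPLE).items():
        print(f"BELOW FIXED LEVEL: {pkg} {installed}")
```
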

Evidence notes

The information provided is based on the official cPanel changelog and CVE records. The update directly addresses multiple High-severity vulnerabilities, emphasizing the importance of prompt application.

Official resources

CVE-2026-45447 was published on 2026-06-09T17:17:19.277Z and modified on 2026-06-16T02:56:50.707Z.