CVE-2021-26267
First published: Tue Jan 26 2021(Updated: )
cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579).
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cpanel Cpanel | <92.0.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this cPanel vulnerability?
The vulnerability ID for this cPanel vulnerability is CVE-2021-26267.
What is the severity of CVE-2021-26267?
The severity of CVE-2021-26267 is high with a CVSS score of 7.5.
What is the affected software version for CVE-2021-26267?
The affected software version for CVE-2021-26267 is cPanel before 92.0.9.
How does CVE-2021-26267 allow a MySQL user to bypass suspension?
CVE-2021-26267 allows a MySQL user with an old-style password hash to bypass suspension in cPanel before 92.0.9.
Where can I find more information about CVE-2021-26267?
You can find more information about CVE-2021-26267 in the cPanel version 92.0.9 change log: [https://docs.cpanel.net/changelogs/92-change-log/](https://docs.cpanel.net/changelogs/92-change-log/).
- collector/nvd-api
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/cpanel
- canonical/cpanel cpanel