{"id":15530,"date":"2026-05-14T10:02:44","date_gmt":"2026-05-14T07:02:44","guid":{"rendered":"https:\/\/www.inetmar.com\/blog\/?p=15530"},"modified":"2026-05-14T10:02:44","modified_gmt":"2026-05-14T07:02:44","slug":"cve-2026-32993-cpanel-whm-kritik-guvenlik-acigi-ve-cozum-rehberi","status":"publish","type":"post","link":"https:\/\/www.inetmar.com\/blog\/cve-2026-32993-cpanel-whm-kritik-guvenlik-acigi-ve-cozum-rehberi\/","title":{"rendered":"CVE-2026-32993: cPanel & WHM Kritik G\u00fcvenlik A\u00e7\u0131\u011f\u0131 ve \u00c7\u00f6z\u00fcm Rehberi"},"content":{"rendered":"

Web bar\u0131nd\u0131rma d\u00fcnyas\u0131n\u0131n en yayg\u0131n kontrol panellerinden biri olan cPanel,<\/b>\u00a013 May\u0131s 2026 tarihinde ciddi bir g\u00fcvenlik zafiyetini duyurdu. CVE-2026-32993<\/b> koduyla takip edilen bu a\u00e7\u0131k, \u00f6zellikle sunucu y\u00f6neticileri ve hosting sa\u011flay\u0131c\u0131lar\u0131 i\u00e7in acil eylem gerektiriyor. Bu makalede, zafiyetin detaylar\u0131n\u0131, etkilenen versiyonlar\u0131 ve sisteminizi nas\u0131l koruyaca\u011f\u0131n\u0131z\u0131 detayland\u0131raca\u011f\u0131z.<\/p>\n

CVE-2026-32993 Nedir? Zafiyetin Teknik Detaylar\u0131<\/h2>\n

CVE-2026-32993, cPanel’in ana servis protokol\u00fc olan cpsrvd<\/b> \u00fczerinde ke\u015ffedilen bir “HTTP Header Injection” (HTTP Ba\u015fl\u0131k Enjeksiyonu) zafiyetidir.<\/p>\n

    \n
  • \n

    Zafiyet T\u00fcr\u00fc:<\/b> Unauthenticated Arbitrary HTTP Header Insertion.<\/p>\n<\/li>\n

  • \n

    Risk Fakt\u00f6r\u00fc:<\/b> Kimlik do\u011frulamas\u0131 gerektirmeyen (unauthenticated) bir u\u00e7 nokta \u00fczerinden s\u00f6m\u00fcr\u00fclebilmesi, sald\u0131rganlar\u0131n herhangi bir kullan\u0131c\u0131 ad\u0131 veya \u015fifreye sahip olmadan sisteme m\u00fcdahale etmesine olanak tan\u0131r.<\/p>\n<\/li>\n

  • \n

    Etki:<\/b> Sald\u0131rganlar, sahte HTTP ba\u015fl\u0131klar\u0131 ekleyerek taray\u0131c\u0131 tabanl\u0131 sald\u0131r\u0131lar (XSS), \u00f6nbellek zehirlemesi (Cache Poisoning) veya oturum \u00e7alma gibi ikincil sald\u0131r\u0131lar\u0131 ger\u00e7ekle\u015ftirebilirler.<\/p>\n<\/li>\n<\/ul>\n

    \n

    Etkilenen Versiyonlar ve G\u00fcncel Yamalar<\/h2>\n

    Bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131, cPanel & WHM Versiyon 132 ve \u00fczeri<\/b> t\u00fcm s\u00fcr\u00fcmleri etkilemektedir. Geli\u015ftirici ekip, sorunu gidermek ad\u0131na a\u015fa\u011f\u0131daki yamal\u0131 s\u00fcr\u00fcmleri h\u0131zla yay\u0131na alm\u0131\u015ft\u0131r:<\/p>\n

    cPanel & WHM \u0130\u00e7in G\u00fcvenli S\u00fcr\u00fcmler:<\/h3>\n
      \n
    • \n

      11.132.0.32<\/b> ve \u00fczeri<\/p>\n<\/li>\n

    • \n

      11.134.0.26<\/b> ve \u00fczeri<\/p>\n<\/li>\n

    • \n

      11.136.0.10<\/b> ve \u00fczeri<\/p>\n<\/li>\n<\/ul>\n

      WP Squared \u0130\u00e7in G\u00fcvenli S\u00fcr\u00fcm:<\/h3>\n
        \n
      • \n

        11.136.1.12<\/b> ve \u00fczeri<\/p>\n<\/li>\n<\/ul>\n

        \n

        Not:<\/b> E\u011fer sisteminiz bu s\u00fcr\u00fcmlerden daha eski bir 132+ versiyon kullan\u0131yorsa, sunucunuz do\u011frudan sald\u0131r\u0131lara a\u00e7\u0131k durumdad\u0131r.<\/p>\n<\/blockquote>\n

        \n

        Ad\u0131m Ad\u0131m G\u00fcncelleme Rehberi (Call to Action)<\/h2>\n

        Sunucunuzun g\u00fcvenli\u011fini sa\u011flamak i\u00e7in vakit kaybetmeden g\u00fcncelleme i\u015flemini ger\u00e7ekle\u015ftirmeniz \u00f6nerilir. \u0130\u015flemi SSH \u00fczerinden a\u015fa\u011f\u0131daki komutlarla tamamlayabilirsiniz.<\/p>\n

        1. G\u00fcncellemeyi Ba\u015flat\u0131n<\/h3>\n

        Sunucunuza root yetkisiyle ba\u011fland\u0131ktan sonra cPanel g\u00fcncelleme beti\u011fini zorunlu modda \u00e7al\u0131\u015ft\u0131r\u0131n: \/scripts\/upcp --force<\/code><\/p>\n

        2. Versiyon Kontrol\u00fc Yap\u0131n<\/h3>\n

        G\u00fcncelleme tamamland\u0131ktan sonra, sistemin g\u00fcvenli s\u00fcr\u00fcme ge\u00e7ip ge\u00e7medi\u011fini do\u011frulamak i\u00e7in \u015fu komutu kullan\u0131n: \/usr\/local\/cpanel\/cpanel -V<\/code><\/p>\n

        E\u011fer ekranda yukar\u0131da belirtilen “G\u00fcvenli S\u00fcr\u00fcmler” listesindeki bir versiyonu (veya daha \u00fcst\u00fcn\u00fc) g\u00f6r\u00fcyorsan\u0131z, i\u015fleminiz ba\u015far\u0131yla tamamlanm\u0131\u015f demektir.<\/p>\n

        \n

        Ek G\u00fcvenlik Notlar\u0131: CVE-2026-29205 ve Di\u011ferleri<\/h2>\n

        May\u0131s 2026 g\u00fcncelleme paketi sadece CVE-2026-32993 kodlu a\u00e7\u0131\u011f\u0131 kapatmakla kalm\u0131yor. Ayn\u0131 s\u00fcr\u00fcmle birlikte a\u015fa\u011f\u0131daki g\u00fcvenlik a\u00e7\u0131klar\u0131na kar\u015f\u0131 da \u00f6nlem al\u0131nm\u0131\u015ft\u0131r:<\/p>\n

          \n
        • \n

          CVE-2026-29205<\/b><\/p>\n<\/li>\n

        • \n

          CVE-2026-29206<\/b><\/p>\n<\/li>\n

        • \n

          CVE-2026-32991<\/b><\/p>\n<\/li>\n

        • \n

          CVE-2026-32992<\/b><\/p>\n<\/li>\n<\/ul>\n

          Bu, sisteminizi g\u00fcncel tutman\u0131n sadece bir a\u00e7\u0131\u011f\u0131 de\u011fil, bir dizi potansiyel tehdidi bertaraf etmek anlam\u0131na geldi\u011fini g\u00f6stermektedir.<\/p>\n

          \n

          Sonu\u00e7: Sunucu G\u00fcvenli\u011finde \u0130hmale Yer Yok<\/h2>\n

          Dijital varl\u0131klar\u0131n\u0131z\u0131n g\u00fcvenli\u011fi, kulland\u0131\u011f\u0131n\u0131z yaz\u0131l\u0131mlar\u0131n g\u00fcncelli\u011fi ile do\u011frudan ili\u015fkilidir. cPanel & WHM taraf\u0131ndan yay\u0131nlanan bu son g\u00fcvenlik duyurusu, sald\u0131rganlar\u0131n kimlik do\u011frulama duvar\u0131n\u0131 a\u015fabilece\u011fini g\u00f6sterdi\u011fi i\u00e7in kritik seviyededir.<\/p>\n

          SEO \u00d6zet:<\/b> cPanel CVE-2026-32993 g\u00fcvenlik a\u00e7\u0131\u011f\u0131, cpsrvd \u00fczerinden HTTP header injection yap\u0131lmas\u0131na izin veriyor. 11.132, 11.134 ve 11.136 s\u00fcr\u00fcmlerindeki son g\u00fcncellemeleri y\u00fckleyerek sunucunuzu koruma alt\u0131na al\u0131n.<\/p>\n","protected":false},"excerpt":{"rendered":"

          Web bar\u0131nd\u0131rma d\u00fcnyas\u0131n\u0131n en yayg\u0131n kontrol panellerinden biri olan cPanel,\u00a013 May\u0131s 2026 tarihinde ciddi bir g\u00fcvenlik zafiyetini duyurdu. CVE-2026-32993 koduyla takip edilen bu a\u00e7\u0131k, \u00f6zellikle sunucu y\u00f6neticileri ve hosting sa\u011flay\u0131c\u0131lar\u0131 i\u00e7in acil eylem gerektiriyor. Bu...<\/p>\n","protected":false},"author":5,"featured_media":15531,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[50],"tags":[],"class_list":["post-15530","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-whmcpanel"],"_links":{"self":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts\/15530","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/comments?post=15530"}],"version-history":[{"count":1,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts\/15530\/revisions"}],"predecessor-version":[{"id":15532,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts\/15530\/revisions\/15532"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/media\/15531"}],"wp:attachment":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/media?parent=15530"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/categories?post=15530"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/tags?post=15530"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}