DISCLAIMER: This advisory applies only to users running CentOS Web Panel (CWP). If you are not using CWP, you do not need to take any action based on this guide.
For users running CentOS 7 or older: We strongly advise you to back up your files and have your server reinstalled with CentOS 8, CentOS 9, AlmaLinux 8, AlmaLinux 9, or AlmaLinux 10.
Overview #
A critical vulnerability has been identified in CentOS Web Panel (CWP) that allows malicious users to gain unauthorized root access to affected servers. The vulnerability exists within the CWP interface and permits attackers to inject and execute arbitrary shell commands with root privileges.
Severity: Critical
Affected Component: CWP Interface
Required Action: ImmediateFor detailed technical information, see: CVE-2025-67888
Remediation Steps #
Step 1: Run the Security Remediation Script (Required) #
The fastest and most reliable way to address this vulnerability is to execute our prepared remediation script. Choose one of the following commands based on your preferred download utility:
Using cURL: #
curl -s https://fsn114.truehost.cloud/download/CVE_cwp-2026-remediation.sh -o /tmp/remediation.sh && sudo bash /tmp/remediation.shUsing wget: #
wget -q https://fsn114.truehost.cloud/download/CVE_cwp-2026-remediation.sh -O /tmp/remediation.sh && sudo bash /tmp/remediation.shNote: The script must be executed with root/sudo privileges.
Step 2: Install and Configure Mod Security (Recommended) #
Mod Security provides an additional layer of protection by filtering malicious requests at the web server level.
Installation Instructions: #
- Log into CWP as root
- Navigate to Security → Mod Security
- You will see a message indicating: “Mod Security configuration is: not installed”
- Select your preferred rule set from the options below:
- OWASP Old – Traditional OWASP rules (default with CWP)
- OWASP Latest – Latest OWASP rules with automatic updates (CWP Pro required)
- Comodo WAF – Comodo Web Application Firewall with automatic updates (CWP Pro required)
- Click the Install Mod Security button
- Confirm the installation at the dialog prompt
- Monitor the installation log until you see: “Mod Security Successfully Installed”
Step 3: Update CWP to the Latest Version #
Ensure CWP is running the most recent version with all security patches applied.
Execute the following commands in order:
sh /usr/local/cwpsrv/htdocs/resources/scripts/update_cwpThen:
sh /scripts/update_cwpImportant: Note any error messages that appear during the update process. If you encounter errors, please contact support with the error details.
Step 4: Rerun the Remediation Script (Recommended) #
After completing the above steps, rerun the remediation script to ensure all protections are properly applied:
Using cURL: #
curl -s https://fsn114.truehost.cloud/download/CVE_cwp-2026-remediation.sh -o /tmp/remediation.sh && sudo bash /tmp/remediation.shUsing wget: #
wget -q https://fsn114.truehost.cloud/download/CVE_cwp-2026-remediation.sh -O /tmp/remediation.sh && sudo bash /tmp/remediation.shVerification #
After completing all remediation steps, verify that:
- [ ] The remediation script completed without errors
- [ ] Mod Security is installed and active
- [ ] CWP has been updated to the latest version
- [ ] CWP interface is functioning normally
- [ ] Your web applications continue to operate as expected
Support #
If you encounter any issues during the remediation process, or if you have questions about this vulnerability, our support team is available to assist.
Contact: [email protected]
When contacting support, please include:
- Any error messages encountered
- Your CWP version
- Steps you have already completed
- Temporary access to the server, sharable via https://pass.cloudoon.com/
Summary #
Step Action Priority 1 Run remediation script Required 2 Install Mod Security Required 3 Update CWP Required 4 Rerun remediation script Recommended Timeline: Complete all steps as soon as possible to minimize security exposure.
~ Truehost Team
