-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SUMMARY

cPanel, L.L.C. has updated packages for EasyApache 4 with an updated version of Passenger. This release addresses vulnerabilities related to CVE-2025-26803. We strongly encourage all Passenger users to update to version 6.0.26.

 
AFFECTED VERSIONS
All versions of Passenger through 6.0.25



SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2025-26803 - MEDIUM
Passenger 6.0.26
Fixed vulnerability related to CVE-2025-26803


SOLUTION
cPanel, L.L.C. has released updated packages for EasyApache 4 25.7 on 2025 February 26, with Passenger version 6.0.26. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface.

 
REFERENCES
https://www.cve.org/CVERecord?id=CVE-2025-26803
https://github.com/phusion/passenger/releases
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAme/dAkACgkQlSG+3KvZ
Td/jKxAAo7zbnpFCryfLahqJN7NUnIexGtS4iGZXYfKzJjcgMmTNDzxv3kgDs0g7
AxPt4Md1jFx9nNSuEj+nCG1Hj9y0Us7JHHTCfEMWGzpVYs4LAWVDMcquF9gDdgp3
XSIc0KbWxkzLVxIEhiErNs6dQz9tLdbW2AoZnQ+dLwTLeS4mETMHx5fZR5YjwG4W
OqgsWFWQKHV0frFjPNChNQ8tvuwPrAaN0m+grP3KacMDFAzY2WcOk6RBkbimWyFf
NBvjUJy3FmozC5b1l0olWu2TaYMzNuJXlqLSOd5D0gdLHkWmu23Pqx7mVF60ngjb
EZQVtNB2GjwbXYRS6RkK+ptOQsezmyi9VwlcGecpXT6IOzxGP2JmxtgzOXQPzc7b
YcCTx1vBvEwRgtYMaOp7QsJRdZcfSSReAgg8PYby9aCIbthdpvqHFeyA7cqMXxO+
adh/rJT0BOgAE8HO+37t+PNyxKXrFGxZIIDk3k0AGcXKN90x6em6spUIE0qMDmxs
iowY+Gwym36XlOV121jKKVTDdX8iNktMbzYkznZZS7+oo3AbXidnz3J62W81qSui
OtCsrFJeEQmzIH5ygxupwO8JuCVigh1DwJcx3kg6MgnE4Cepz3nN4Hr9C0cB6OFR
mUukXcBxwOE1U8iHDFefCyZEEQpC5deVAnUiBCSn30JTIW4Tks8=
=2+8M
-----END PGP SIGNATURE-----