Aggregates CVE and security vulnerability intelligence across all cloudlinux-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk path handling and vendor risk file inclusion, with potential vendor impact file overwrite and vendor impact unauthorized access across vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-65530 | An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted file. | [email protected] | 8.8 | 0.29% | 2025-12-12 | 2025-12-19 |
| CVE-2020-36772 | CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment. | [email protected] | 4.4 | 0.38% | 2024-01-22 | 2025-05-30 |
| CVE-2020-36771 | CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user. | [email protected] | 7.8 | 0.47% | 2024-01-22 | 2025-06-20 |
| CVE-2021-21956 | A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | [email protected] | 7.8 | 1.27% | 2022-04-14 | 2024-11-21 |