
Background Information 

On Monday, July 22, 2019, Exim maintainers announced that they had discovered a vulnerability in Exim from version 4.85 to version 4.92.

On Thursday, July 25, 2019, the Exim maintainers released a patch for this vulnerability.


According to Exim development: "A local or remote attacker can execute programs with root privileges - if you've an unusual configuration.
If your configuration uses the ${sort } expansion for items that can be controlled by an attacker (e.g. $local_part, $domain). The default config, as shipped by the Exim developers, does not contain ${sort }."

After analyzing the details of the vulnerability, standard Exim configurations provided by cPanel & WHM are not expected to be vulnerable. However, customized configurations may be vulnerable.
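One way to review a customized configuration for the ${sort } condition quoted above, as an added example that is not cPanel's or Exim's own code. The function names and the sample configuration are constructed for illustration; the configuration file path is supplied by the caller, and files pulled in through .include are not followed.

```shell
#!/bin/sh
# Added example (not cPanel or Exim code): list ${sort ...} expansions in an
# Exim configuration file so customized configurations can be reviewed.

# find_sort_expansions FILE
# Prints LINE:RISK:TEXT per logical line that uses ${sort. RISK is
# "attacker-input" when the same line references $local_part or $domain
# (the examples the advisory gives), otherwise "review".
find_sort_expansions() {
    awk '
        function check(text, n,   risk) {
            if (text ~ /^[ \t]*#/) return            # comment line
            if (index(text, "${sort") == 0) return   # no sort expansion
            risk = "review"
            if (text ~ /\$[{]?(local_part|domain)/) risk = "attacker-input"
            sub(/^[ \t]+/, "", text); gsub(/[ \t]+/, " ", text)
            printf "%d:%s:%s\n", n, risk, text
        }
        {
            if (buf == "") start = NR
            line = $0
            # A trailing backslash continues the logical line.
            if (line ~ /\\[ \t]*$/) { sub(/\\[ \t]*$/, "", line); buf = buf line; next }
            check(buf line, start); buf = ""
        }
        END { if (buf != "") check(buf, start) }
    ' "$1"
}

# write_sample_config FILE: constructed sample, not a real cPanel config.
write_sample_config() {
    cat > "$1" <<'EOF'
# ${sort {$domain}{<}{$item}} inside a comment is ignored
begin routers
custom_router:
  driver = redirect
  data = ${sort {$local_part:postmaster}\
           {<}{$item}}
static_router:
  driver = accept
  condition = ${sort {3:1:2}{<}{$item}}
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
find_sort_expansions "$sample"
rm -f "$sample"
```

A line reported as "review" uses ${sort } without naming $local_part or $domain and still needs a manual check of where its list comes from.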


The following versions of cPanel & WHM were patched to have the correct version of Exim. All versions of cPanel & WHM below the stated versions are potentially vulnerable to a root RCE in non-default configurations.


How to determine if your server is up to date

The updated RPMs provided by cPanel should be at least 4.92-2 on versions 80 and above.

rpm -q exim

Version 78


Versions 80, 82


What to do if you are not up to date.

If your server is not running one of the above versions, update immediately. 

To upgrade your server, use WHM's interface (WHM >> Home >> cPanel >> Upgrade to Latest Version).

Alternatively, you can run the commands below to upgrade your server from the command line:

/scripts/check_cpanel_rpms --fix --long-list

Verify the new Exim RPM was installed:

In versions 78, 80, and 82 run the following:

rpm -q --changelog exim | grep CVE-2019-13917

The output should resemble the following:

- Applied upstream patch for CVE-2019-13917

If you are still experiencing issues or need additional help, please contact cPanel support.

Additional documentation

More detailed information can be found at the following websites:
