New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
7.0.3 not seem to be affected by this bug according to https://help.whmcs.com/m/125386/l/2073908-cve-2026-29204
Affected versions include:
Patch released early
Email received:
WHMCS 9.0.4 and WHMCS 8.13.3 are now available as important maintenance releases for the WHMCS 9.0 and 8.13 series.
These releases address a security vulnerability, CVE-2026-29204, which affects WHMCS 7.4 and later. We strongly recommend that all self-managed WHMCS customers update to the latest available version for their release series without delay.
Information relating to this CVE was disclosed earlier than intended due to a submission issue on our side. As a result, we accelerated the publication of these releases so customers could take the recommended action immediately.
https://help.whmcs.com/m/125386/l/2073908-cve-2026-29204
Hi,
.... worked perfectly well....
tried to update our 8.x to latest 8.13
But whmcs update code decided to better install 9.0.4 :-)
And thinks now having 9.0.4 will mean having 8.13.3 as latest version
So they did just as well with the patch as they did with revealing the CVE details too early. Time to rise prices again.
I have updated and ours shows correct 8.13.2 to 8.13.3
WHMCS dev team - thank you @layer7 for testing our patch
Incomplete as usual
At least a few hours later, their updater works correctly as I just updated without facing any issue.
any POC out?
Sounds like you selected the "Stable" update channel when you wanted to use "Current" to stay on the same major version.