cPanel prior to 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465).
cpanel cpanel