CVE-2026-54420

Summary

LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.

Affected Software

VendorProductVersion RangeStatus
LiteSpeed TechnologiescPanel Plugin2.3 < 2.4.8affected

Weaknesses

  • CWE-61: CWE-61 UNIX Symbolic Link (Symlink) Following

Workarounds

Disable the cPanel PlugIn for LiteSpeed

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References