CVE-2026-54420
HIGH KEV
Litespeed Technologies cPanel Plugin < 2.4.8 - UNIX Symbolic Link (Symlink) Following
Title source: rule
Exploitation Summary
CVE-2026-54420 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 15, 2026.
Description
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.
References (3)
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-54420
Scores
CVSS v3: 8.5
EPSS: 0.0035
EPSS Percentile: 26.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: total
Details
CISA KEV: 2026-06-15
VulnCheck KEV: 2026-06-01
CWE: CWE-61
Status: published
Products (3)
LiteSpeed Technologies/cPanel Plugin: 2.3 - 2.4.8
litespeedtech/litespeed_cpanel_plugin: < 2.4.8
litespeedtech/litespeed_whm_plugin: < 5.3.2.0
Published: Jun 14, 2026
KEV Added: Jun 15, 2026
Tracked Since: Jun 14, 2026