CVE-2026-54420
Description
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.
CVSS Details
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H Threat Intelligence
- Added
- Jun 15, 2026
- Due
- Jun 18, 2026
Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Weaknesses 1
Affected Products 2
| Vendor | Product | Version | Range |
|---|---|---|---|
| litespeedtech | litespeed_cpanel_plugin | * | <2.4.8 |
| litespeedtech | litespeed_whm_plugin | * | <5.3.2.0 |
References 3
- blog.litespeedtech.com https://blog.litespeedtech.com/2026/06/01/security-update-for-litespeed-cpanel-plugin-2/
- cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-54420
- litespeedtech.com https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/cpanel
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.