
Description

LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.

PUBLISHED Reserved 2026-06-14 | Published 2026-06-14 | Updated 2026-06-14 | Assigner mitre




HIGH: 8.5 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-61 UNIX Symbolic Link (Symlink) Following

Product status

Default status: unaffected

2.3 (custom) before 2.4.8: affected

References

www.litespeedtech.com/...server/control-panel-support/cpanel

blog.litespeedtech.com/...ate-for-litespeed-cpanel-plugin-2/

cve.org (CVE-2026-54420)

nvd.nist.gov (CVE-2026-54420)
