AI description
CVE-2026-54420 is a vulnerability in the LiteSpeed cPanel plugin before 2.4.8, as distributed in LiteSpeed WHM PlugIn before 5.3.2.0. The plugin mishandles symbolic links (symlinks) supplied by a user who has FTP or web shell access on a shared hosting server running CloudLinux/CageFS. By manipulating symlinks, an attacker could potentially access or execute arbitrary files located outside of their designated directories. The weakness is classified as UNIX symbolic link (symlink) following (CWE-61). The issue was exploited in the wild in May 2026.
- Description
- LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.
- Source
- cve@mitre.org
- NVD status
- Modified
- Products
- litespeed_cpanel_plugin, litespeed_whm_plugin
CVSS 3.1
- Type
- Secondary
- Base score
- 8.5
- Impact score
- 6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability
- Exploit added on
- Jun 15, 2026
- Exploit action due
- Jun 18, 2026
- Required action
- Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- cve@mitre.org
- CWE-61
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
6
CISA adds two known exploited vulnerabilities to its catalog: CVE-2026-20262 Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability; CVE-2026-54420 LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink)
@foxbook
16 Jun 2026
Oh cPanel servers about to be hacked? Update asap or remove LiteSpeed cPanel Plugin. CVE-2026-20262 Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability CVE-2026-54420 LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability
@zerotalktoai
15 Jun 2026
The CVE that was published today for LiteSpeed's WHM plugin prior to v2.4.8 refers to the same vulnerability we disclosed (and patched) two weeks ago. CVE-2026-54420: https://t.co/1xR8NH6Yvy
@litespeedtech
15 Jun 2026
🛡️ We added Cisco Catalyst SD-WAN Manager vulnerability CVE-2026-20262 and LiteSpeed cPanel Plugin vulnerability CVE-2026-54420 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cyber
@CISACyber
15 Jun 2026
⚠️ CRITICAL: ‼️ CVE-2026-54420: LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn b... CVE-2026-54420 is a critical symlink mishandling vulnerability in LiteSpeed cPanel plugin versions before 2.4.8 and LiteSpeed WHM Plugin versions before 5.3.
@lenngrenm
14 Jun 2026
CVE-2026-54420 LiteSpeed cPanel Plugin Symlink Mishandling in CloudLinux/CageFS Environments https://t.co/AaEimojznY
@VulmonFeeds
14 Jun 2026
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:litespeedtech:litespeed_cpanel_plugin:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "6B1876E6-E6BF-4D4F-8BF7-5555F32A9787",
            "versionEndExcluding": "2.4.8",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:litespeedtech:litespeed_whm_plugin:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "63B844E5-0AFC-4E5B-81AA-AC01FA8FA29C",
            "versionEndExcluding": "5.3.2.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]