← ExploitWatch
HomeExploited Vulnerabilities

CVE-2026-54420 — Actively Exploited: cPanel Plugin (LiteSpeed)

LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.

CVE IDCVE-2026-54420
VendorLiteSpeed
ProductcPanel Plugin
Vulnerability nameLiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability
Date added2026-06-15
Remediation due2026-06-18
Known ransomware useUnknown
Required actionApply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discon
DescriptionLiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →