CVE-2026-54420 — Actively Exploited: cPanel Plugin (LiteSpeed)
LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.
| CVE ID | CVE-2026-54420 |
|---|---|
| Vendor | LiteSpeed |
| Product | cPanel Plugin |
| Vulnerability name | LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability |
| Date added | 2026-06-15 |
| Remediation due | 2026-06-18 |
| Known ransomware use | Unknown |
| Required action | Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discon |
| Description | LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS. |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →