CVE-2026-54420: LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability
Summary
A vulnerability (CVE-2026-54420) has been identified in the LiteSpeed cPanel Plugin that allows for UNIX symbolic link following. Exploitation requires FTP or web shell access on a shared hosting server running CloudLinux/CageFS.
IFF Assessment
This vulnerability could be exploited by threat actors to gain elevated privileges or access sensitive information on affected systems.
Severity
This score is estimated based on the potential for significant impact (confidentiality, integrity, and availability) through a symlink following vulnerability when an attacker already has basic access. The attack vector is likely local or via compromised accounts.
CISA KEV: Listed as actively exploited. Federal patch due: June 18, 2026. Known ransomware use: Unknown.
Defender Context
Defenders should prioritize patching or applying mitigations for this vulnerability in LiteSpeed cPanel Plugin environments, especially those running CloudLinux/CageFS. Organizations must follow CISA's Binding Operational Directive 26-04 for risk-based prioritization of security updates.