PatchSiren cyber security CVE debrief
CVE-2026-54420 LiteSpeed Technologies CVE debrief
CVE-2026-54420 is a HIGH severity vulnerability in LiteSpeed cPanel plugin before 2.4.8, as distributed in LiteSpeed WHM PlugIn before 5.3.2.0. The vulnerability occurs due to mishandling of symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS. This issue was exploited in the wild in May 2026. The CVSS score for this vulnerability is 8.5.
- Vendor: LiteSpeed Technologies
- Product: cPanel Plugin
- CVSS: HIGH 8.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-14
- Original CVE updated: 2026-06-14
- Advisory published: 2026-06-14
- Advisory updated: 2026-06-14
Who should care
Users of LiteSpeed cPanel plugin before version 2.4.8 and LiteSpeed WHM PlugIn before 5.3.2.0, especially those with shared hosting servers running CloudLinux/CageFS, should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The LiteSpeed cPanel plugin mishandles symlinks provided by users with FTP or web shell access. This can be exploited by users to potentially access unauthorized areas of the server.
Defensive priority
HIGH
Recommended defensive actions
- Update LiteSpeed cPanel plugin to version 2.4.8 or later.
- Update LiteSpeed WHM PlugIn to version 5.3.2.0 or later.
- Review and restrict FTP and web shell access for users on shared hosting servers running CloudLinux/CageFS.
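An added example, not part of the advisory or of LiteSpeed's code: a Python audit that lists symlinks under one account's home directory whose targets resolve outside it, the kind of user-supplied link the technical summary describes. The advisory does not say which paths the plugin reads, so the scan root, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile


def escaping_symlinks(home):
    """Return sorted (link, resolved_target, owner_uid) for every symlink
    under `home` whose target resolves outside `home`."""
    home_real = os.path.realpath(home)
    findings = []
    # followlinks=False: report links, never walk through them.
    for dirpath, dirnames, filenames in os.walk(home_real, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            # realpath() also resolves relative and chained links.
            target = os.path.realpath(path)
            if os.path.commonpath([home_real, target]) != home_real:
                findings.append((path, target, os.lstat(path).st_uid))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample data: one account home plus a directory outside it."""
    home = os.path.join(root, "home", "alice")
    outside = os.path.join(root, "other")
    os.makedirs(os.path.join(home, "public_html"))
    os.makedirs(outside)
    index = os.path.join(home, "public_html", "index.html")
    foreign = os.path.join(outside, "settings.conf")
    for f in (index, foreign):
        open(f, "w").close()
    os.symlink(index, os.path.join(home, "index-link"))              # stays inside
    os.symlink(foreign, os.path.join(home, "public_html", "x.txt"))  # escapes
    os.symlink("../../other", os.path.join(home, "cfg"))             # relative, escapes
    return home


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for link, target, uid in escaping_symlinks(build_sample_tree(root)):
            print(f"uid={uid} {link} -> {target}")
```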
Evidence notes
The vendor for this product is likely LiteSpeed Technologies, based on the reference to 'Litespeedtech' in the evidence.
Official resources
CVE-2026-54420 was published on 2026-06-14T04:16:28.630Z.