CVE-2026-54420 is a HIGH severity vulnerability in LiteSpeed cPanel plugin before 2.4.8, as distributed in LiteSpeed WHM PlugIn before 5.3.2.0. The vulnerability occurs due to mishandling of symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS. This issue was exploited in the wild in May 2026. The CVSS score for this vulnerability is 8.5.
Known exploitedLiteSpeed TechnologiesCVE published 2026-05-26
CVE-2026-48172 is a critical flaw in the LiteSpeed User-End cPanel Plugin before 2.4.5 that may allow privilege escalation, potentially to root. The supplied record says it was exploited in the wild in May 2026. LiteSpeed’s parent WHM plugin is described as unaffected. For exposed cPanel environments, this should be treated as an urgent patch-and-investigate issue.
HIGHLiteSpeed TechnologiesCVE published 2026-03-16
CVE-2026-31386 is an OS command injection vulnerability in OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies. An attacker with administrative privilege can execute an arbitrary OS command.