KEVIntel
PRO Back to KEVs
8.5
CVSS
High

CVE-2026-54420

PUBLISHED

LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web...

Not yet in CISA KEV

Exploited in the wild Remote No user interaction
Vendor
LiteSpeed Technologies
Product
cPanel Plugin
Published
Jun 14, 2026
EPSS

Automate This Intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.

linux

Weaknesses (CWE)

  • CWE-61

    UNIX Symbolic Link (Symlink) Following

CVSS Scores

CVSS v3.1 8.5 High

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitation Status

Exploited in the wild

Recorded 2026-06-14 04:01:15 UTC · CVE

References

Known Exploited Vulnerability Sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CVE First 2026-06-14 04:01 UTC

Timeline

  • Added to KEVIntel

  • CVE Published to Public

  • CVE ID Reserved