‼️ CVE-2026-54420: LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn b...

CVE-2026-54420 is a critical symlink mishandling vulnerability in LiteSpeed cPanel plugin versions before 2.4.8 and LiteSpeed WHM Plugin versions before 5.3.2.0. Attackers with FTP or web shell access on CloudLinux/CageFS servers can exploit this flaw to escalate privileges or access sensitive files. Active exploitation was confirmed in the wild during May 2026.

CRITICALAdvisoryJun 14, 2026

Action required

Immediately identify and patch all LiteSpeed cPanel plugins to version 2.4.8 or later and LiteSpeed WHM Plugin to 5.3.2.0 or later. Audit FTP and web shell access logs on affected servers for suspicious symlink activity from May 2026 onwards.

Affected products

cPanel pluginWHM PlugInLiteSpeed

CVE IDs

CVE-2026-54420

Linked articles

‼️ CVE-2026-54420: LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn b...

Source links

https://x.com/DarkWebInformer/status/2066181799944871959