[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:cve-2026-54420-litespeed-cpanel-plugin-before-2-4-8-as-distributed-in-litespeed--mqe1c5u0":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":13,"action_required":17,"article_ids":18,"ioc_summary":20,"source_urls":21,"status":23,"expires_at":24,"created_at":25,"updated_at":26,"articles":27},"4a7a3b8e-8a43-429d-97a5-7532b1963f35","‼️ CVE-2026-54420: LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn b...","cve-2026-54420-litespeed-cpanel-plugin-before-2-4-8-as-distributed-in-litespeed--mqe1c5u0","CVE-2026-54420 is a critical symlink mishandling vulnerability in LiteSpeed cPanel plugin versions before 2.4.8 and LiteSpeed WHM Plugin versions before 5.3.2.0. Attackers with FTP or web shell access on CloudLinux\u002FCageFS servers can exploit this flaw to escalate privileges or access sensitive files. Active exploitation was confirmed in the wild during May 2026.","critical","advisory",[12],"CVE-2026-54420",[14,15,16],"cPanel plugin","WHM PlugIn","LiteSpeed","Immediately identify and patch all LiteSpeed cPanel plugins to version 2.4.8 or later and LiteSpeed WHM Plugin to 5.3.2.0 or later. Audit FTP and web shell access logs on affected servers for suspicious symlink activity from May 2026 onwards.",[19],"5d622488-478a-45a8-8210-19eb545b4855",null,[22],"https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2066181799944871959","active","2026-06-16T17:05:22.17+00:00","2026-06-14T17:05:24.450553+00:00","2026-06-14T17:05:27.900705+00:00",[28],{"id":19,"title":6,"url":22}]