CVE-2026-54420
Received - Intake
Symlink Attack in LiteSpeed cPanel Plugin

Publication date: 2026-06-14

Last updated on: 2026-06-14

Assigner: MITRE

Description
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.
Meta Information
Published: 2026-06-14
Last Modified: 2026-06-14
Generated: 2026-06-14
Affected Vendors & Products
Vendor: litespeed_technologies
Product: litespeed_cpanel_plugin
Version / Range: to 2.4.8 (exc)
CWE ID: CWE-61
Description: The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
Executive Summary

The vulnerability affects the LiteSpeed cPanel plugin versions before 2.4.8, specifically as distributed in LiteSpeed WHM PlugIn versions before 5.3.2.0. It involves improper handling of symbolic links (symlinks) provided by a user who has FTP or web shell access on a shared hosting server running CloudLinux with CageFS. This mishandling can be exploited by attackers, as was observed in the wild in May 2026.

Impact Analysis

This vulnerability has a high severity with a CVSS v3.1 base score of 8.5, indicating it can have significant impact. Because it allows exploitation through symlink mishandling by users with FTP or web shell access, it can lead to a complete compromise of confidentiality, integrity, and availability of the affected system. Attackers could potentially access or modify sensitive data, disrupt services, or escalate privileges on a shared hosting server.
