CVE-2026-54420 — LiteSpeed cPanel/WHM plugin: symlink-following on shared hosting, exploited (CISA KEV)
From CTI Weekly Summary — 2026-W25 (Jun 15 – Jun 21, 2026) · published 2026-06-22
The LiteSpeed cPanel plugin before 2.4.8 mishandles user-supplied symlinks on CloudLinux/CageFS shared hosting, letting a user with FTP or web-shell access escalate privileges; it is exploited in the wild and KEV-listed (LiteSpeed; daily 06-16). Relevant to any public-sector or education entity running shared cPanel hosting. Update to LiteSpeed WHM plugin version 5.3.2.1.