CVE-2026-54420 — LiteSpeed cPanel/WHM plugin: symlink-following on shared hosting, exploited (CISA KEV)
notable vulnerability discovered 2026-06-22 00:14 UTC
Part of run 2026-W25-0aacfe65 (weekly · Claude Opus 4.8)
The LiteSpeed cPanel plugin before 2.4.8 mishandles user-supplied symlinks on CloudLinux/CageFS shared hosting, letting a user with FTP or web-shell access escalate; it is exploited in the wild and KEV-listed (LiteSpeed; daily 06-16). Relevant to any public-sector or education entity running shared cPanel hosting. Update to LiteSpeed WHM Plugin version 5.3.2.1.
“The LiteSpeed cPanel plugin before 2.4.8 mishandles user-supplied symlinks on CloudLinux/CageFS shared hosting, letting a user with FTP or web-shell access escalate; it is exploited in the wild and KEV-listed (LiteSpeed; daily 06-16).” — ctipilot v2 brief (migrated)