CVE-2026-54420 – LiteSpeed cPanel Plugin Symlink Privilege Escalation

admin
June 14, 2026
Wire

CVE ID :CVE-2026-54420

Published : June 14, 2026, 4:16 a.m. | 14 hours, 4 minutes ago

Description :LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.

Severity: 8.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… To Read More Visit Read More

Related Posts

Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments

CVE-2026-55196 – Hermes WebUI < 0.51.409 – Unauthenticated Passkey Registration via Authentication Bypass

CVE-2026-53871 – Hermes WebUI < 0.51.368 – Profile-Scoped Authorization Bypass via Forged hermes_profile Cookie