CYBERHAWK / CVE / CVE-2026-54420

CVE-2026-54420

cPanel Plugin

ACTIVELY EXPLOITED (KEV) other

The flaw

LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.

What to do

Review advisory and patch per vendor guidance.

▸ Scan my repo for CVE-2026-54420

References

NVD CISA KEV OSV GitHub Advisory MITRE News search

In the news

CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege EscalationThe Hacker News · 2026-06-16
U.S. CISA adds Cisco Catalyst and LiteSpeed cPanel plugin flaws to its Known Exploited Vulnerabilities catalogSecurity Affairs · 2026-06-16
CISA warns of another cPanel plugin flaw exploited in attacksBleepingComputer · 2026-06-16

First seen 2026-06-19 · Tracked by PickBits CyberHawk · Weekly CVE digest

← All CVEs RSS Scheduled audits