HIGHVulnerability
Verified
Global

CISA KEV: LiteSpeed cPanel Plugin — LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability

·Source: CISA KEV

Updated:

Executive Summary

LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.

Analysis

LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS. Added to CISA Known Exploited Vulnerabilities catalog on 2026-06-15. Remediation due: 2026-06-18.

Indicators of Compromise (1)

CVE (1)
CVE-2026-54420
Source Attribution

Originally published by CISA KEV on Jun 15, 2026. Verified by: CISA.

Related Threats