CVE-2026-54420

Published: Giu 14, 2026 Last Modified: Giu 14, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,5

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: low

User Interaction: none

Scope: changed

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.

UNIX Symbolic Link (Symlink) Following

Incomplete

Abstraction: Compound Structure: Composite

Common Consequences

Security Scopes Affected:

Confidentiality Integrity

Potential Impacts:

Read Files Or Directories Modify Files Or Directories

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: High

View CWE Details

https://blog.litespeedtech.com/2026/06/01/security-update-f…

https://blog.litespeedtech.com/2026/06/01/security-update-for-litespeed-cpanel-…

https://www.litespeedtech.com/products/litespeed-web-server…

https://www.litespeedtech.com/products/litespeed-web-server/control-panel-suppo…

CVE-2026-54420

Description

UNIX Symbolic Link (Symlink) Following

Common Consequences

Applicable Platforms

Iscriviti alla newsletter