CVE-2026-54420
· Published 14/06/2026 06:16 · Modified 15/06/2026 21:17
· Author: The MITRE Corporation
Labels:
CVE-2026-54420
2026-06-14 CVE-2026-54420 CWE-61 [email protected]
Essential information
CVSS v3.1
Published
14/06/2026 06:16
Modified
15/06/2026 21:17
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
8.5 HIGH (v3.1)
CISA KEV
Yes CWE
CWE-61
CVSS vector
— CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H—
CVSS metrics
Access vector
— Access complexity
— Authentication
— Confidentiality impact
— Integrity impact
— Availability impact
— Exploitability
— Remediation level
— Report confidence
— Temporal score
—
Attack vector
Network
Attack complexity
High
Privileges required
Low
User interaction
None
Scope
Changed
Confidentiality impact
High
Integrity impact
High
Availability impact
High
Exploit code maturity
— Remediation level
— Report confidence
— Temporal score
—
Attack vector
— Attack complexity
— Attack requirements
— Privileges required
— User interaction
— Confidentiality (V)
— Confidentiality (S)
— Integrity (V)
— Integrity (S)
— Availability (V)
— Availability (S)
— Exploit maturity
—
Description
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.
NVD status
Status
Modified — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected] NVD
View on NVD
Affected products (CPE)
Product CPE
litespeedtech / litespeed cpanel plugin
cpe:2.3:a:litespeedtech:litespeed_cpanel_plugin:*:*:*:*:*:*:*:*
litespeedtech / litespeed whm plugin
cpe:2.3:a:litespeedtech:litespeed_whm_plugin:*:*:*:*:*:*:*:*
References
Relations
STIX relations involving this vulnerability (reports, intrusion sets, indicators, etc.).
Type
From
To
has9b4cdf8e-a686-4162-9db8-c4f5a601c34fCVE-2026-54420
hascPanel Plugin
CVE-2026-54420
