CVE-2026-54420
KEV High · CVSS 8.5
LiteSpeed cPanel Plugin / LiteSpeed WHM Plugin — Symlink follow / CWE-61 UNIX symbolic link following leading to privilege escalation or path escape on shared hosting (CloudLinux/CageFS bypass)
- CVSS: 8.5 (nvd)
- EPSS: 0.61% (45th pct)
- KEV: Listed 2026-06-15
- Class: other (CWE-61)
Description
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.
Search profile — drives PoC discovery
Symbols: symlink, CageFS, CloudLinux, FTP, web shell, shared hosting, litespeed_whm, cpanel_plugin, lsws, WHM PlugIn, lscpd
Keywords: CVE-2026-54420; LiteSpeed cPanel plugin symlink; LiteSpeed WHM Plugin symlink; CloudLinux CageFS bypass LiteSpeed; LiteSpeed symlink shared hosting exploit; litespeed cpanel plugin 2.4.8; WHM PlugIn 5.3.2.0 vulnerability; LiteSpeed cPanel plugin PoC; CageFS escape LiteSpeed; LiteSpeed symlink privilege escalation
Versions: LiteSpeed cPanel Plugin before 2.4.8; LiteSpeed WHM Plugin before 5.3.2.0
Candidate PoCs (3) — discovered, not yet vetted or ranked
- HORKimhab/CVE-2026-54420 · ★ 0 · nomi_sec
- ★ 0
- ★ 0
Recall-favoring discovery (nomi-sec + trickest). Vetting + ranking is the Stage-4 scorer.
Status: enriched · ingested 2026-06-16T18:00:52.000Z · profiled 2026-06-16T18:20:23.035Z