THREATOPS
THREAT OPSCVEs › CVE-2026-54420

CVE-2026-54420 — LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability

CISA KEVExploited: confirmedLiteSpeed

LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.

Vulnerability details

Related reporting