COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-54420

CVE-2026-54420

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-06-15
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-54420
⌖ exploited in the wild shame 45/100 exploited-in-wildsupply-chainunpatched

LiteSpeed cPanel plugin allows attackers to traverse symlink chains to escape shared hosting isolation on CloudLinux/CageFS.

This symlink following vulnerability in the LiteSpeed cPanel plugin enables attackers with FTP or web shell access to bypass shared hosting isolation on CloudLinux/CageFS environments. DIB organizations using LiteSpeed cPanel plugins face elevated risk of lateral movement and data exfiltration from compromised shared servers, requiring immediate patching and isolation verification.

Shame score — A known symlink traversal vulnerability in a widely-used cPanel plugin that allows isolation bypass on shared hosting platforms.

Players implicated

LiteSpeed · vendorcPanel Plugin · product

Description

LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.