Description
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.
Published: 2026-06-14
Score: 8.5 High
EPSS: 1.3% Low
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

The cPanel plugin for LiteSpeed mishandles symbolic links created by a user who has FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as described in the advisory. Based on the description, the flaw appears to allow an attacker to place a symlink that points outside the intended directory; when the plugin follows that link, it reads or executes files that the user could not normally reach. The impact could therefore be remote code execution or unauthorized data disclosure. This is inferred from the stated behavior of the plugin and is consistent with the assigned weakness, CWE-61 (UNIX Symbolic Link Following).

Affected Systems

This vulnerability affects any LiteSpeed Technologies cPanel plugin version before v2.4.8, which is distributed as part of the LiteSpeed WHM PlugIn v5.3.1 and earlier. The affected hosting environments are shared servers running CloudLinux/CageFS where users can create or modify symbolic links via FTP or a web shell.

Risk and Exploitability

The CVSS score of 8.5 signals a high-severity flaw. Exploitation requires a user who already holds FTP or web shell write access, and the EPSS score of < 1% suggests a low overall exploitation probability. Nonetheless, the active exploitation observed in May 2026 and the listing in the CISA KEV catalog indicate that this vulnerability is being actively targeted. An attacker would need to create a malicious symlink in the hosting environment; once the symlink is in place, the plugin could follow it and potentially execute arbitrary code on the host.

Generated by OpenCVE AI on June 18, 2026 at 07:17 UTC.

Remediation

Vendor Solution

Upgrade to the LiteSpeed WHM PlugIn v5.3.2.0 or higher (which includes the cPanel PlugIn v2.4.8).


Vendor Workaround

Disable the cPanel PlugIn for LiteSpeed.


OpenCVE Recommended Actions

  • Upgrade the LiteSpeed WHM PlugIn to version 5.3.2.0 or later, which includes the patched cPanel PlugIn v2.4.8.
  • If an upgrade is not immediately possible, disable the cPanel PlugIn for LiteSpeed to eliminate the exploitation path.
  • Reconfigure the hosting environment to restrict symlink creation and enforce strict file permissions, and apply CloudLinux CageFS hardening measures where available.


Tracking


Advisories

No advisories yet.

History

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Title Symbolic Link Path Traversal in LiteSpeed cPanel Plugin Allows Remote Code Execution

Wed, 17 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
Title Symlink Manipulation Allowing Remote Code Execution in LiteSpeed cPanel Plugin

Mon, 15 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Litespeedtech
Litespeedtech litespeed Cpanel Plugin
Litespeedtech litespeed Whm Plugin
CPEs cpe:2.3:a:litespeedtech:litespeed_cpanel_plugin:*:*:*:*:*:*:*:*
cpe:2.3:a:litespeedtech:litespeed_whm_plugin:*:*:*:*:*:*:*:*
Vendors & Products Litespeedtech
Litespeedtech litespeed Cpanel Plugin
Litespeedtech litespeed Whm Plugin

Mon, 15 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-06-15T00:00:00+00:00', 'dueDate': '2026-06-18T00:00:00+00:00'}


Mon, 15 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sun, 14 Jun 2026 06:15:00 +0000

Type Values Removed Values Added
First Time appeared Litespeed Technologies
Litespeed Technologies cpanel Plugin
Vendors & Products Litespeed Technologies
Litespeed Technologies cpanel Plugin

Sun, 14 Jun 2026 05:30:00 +0000

Type Values Removed Values Added
Title Symlink Manipulation Allowing Remote Code Execution in LiteSpeed cPanel Plugin

Sun, 14 Jun 2026 04:00:00 +0000

Type Values Removed Values Added
Description LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.
Weaknesses CWE-61
References
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-16T03:56:05.377Z

Reserved: 2026-06-14T03:23:12.439Z

Link: CVE-2026-54420

Vulnrichment

Updated: 2026-06-15T17:14:45.605Z

NVD

Status : Analyzed

Published: 2026-06-14T04:16:28.630

Modified: 2026-06-16T12:55:03.590

Link: CVE-2026-54420

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T07:30:05Z

Weaknesses
  • CWE-61: UNIX Symbolic Link (Symlink) Following