Impact
The cPanel plugin for LiteSpeed mishandles symbolic links created by a user who has FTP or web shell access on a shared hosting server that runs CloudLinux/CageFS, as described in the advisory. Based on the description, this flaw appears to allow an attacker to place a symlink that points outside the intended directory, so that the plugin reads or executes files that would normally be inaccessible. This could lead to remote code execution or unauthorized data disclosure; that impact is inferred from the stated behavior of the plugin and is consistent with CWE-61, a path-traversal weakness.
Affected Systems
This vulnerability affects LiteSpeed Technologies cPanel plugin versions before v2.4.8, which are distributed as part of the LiteSpeed WHM PlugIn v5.3.1 and earlier. The affected hosting environments are shared servers running CloudLinux/CageFS where users can create or modify symbolic links via FTP or a web shell.
Risk and Exploitability
The CVSS score of 8.5 signals a high-severity flaw. While exploitation requires a user to already possess FTP or web shell write privileges, the EPSS score of < 1% suggests a low overall exploitation probability. Nonetheless, the active exploitation observed in May 2026 and the listing in the CISA KEV catalog indicate that this vulnerability is being actively targeted. Attackers would need to create a malicious symlink in the hosting environment; once the symlink is in place, the plugin could process it and potentially execute arbitrary code on the host.
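A defender's audit for the condition described above, as an added example that is not part of the advisory or of LiteSpeed's code: it walks one user's home directory without following links and reports every symlink whose resolved target lies outside that directory. The function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def find_escaping_symlinks(root):
    """Return (link, resolved_target) pairs for symlinks under root whose
    target resolves outside root. Never descends through a symlink."""
    root_real = os.path.realpath(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root_real, followlinks=False):
        # os.walk lists symlinked directories in dirnames but does not enter them.
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            # realpath resolves chained links and ".." components; a dangling
            # link still resolves to the path it would reach.
            target = os.path.realpath(path)
            if os.path.commonpath([root_real, target]) != root_real:
                findings.append((path, target))
    return sorted(findings)


def build_demo_tree(base):
    """Constructed sample: a fake user home with one benign and two escaping links."""
    home = Path(base) / "home" / "user1"
    (home / "public_html").mkdir(parents=True)
    outside = Path(base) / "etc"
    outside.mkdir()
    (outside / "secret.conf").write_text("constructed sample\n")
    (home / "public_html" / "index.html").write_text("ok\n")
    os.symlink(home / "public_html" / "index.html", home / "inside_link")   # benign
    os.symlink(outside / "secret.conf", home / "public_html" / "abs_link")  # absolute escape
    os.symlink("../../../etc", home / "public_html" / "rel_link")           # relative escape
    return str(home)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for link, target in find_escaping_symlinks(build_demo_tree(base)):
            print(f"{link} -> {target}")
```

The scan is a point-in-time check: a link created after it runs is not seen, so it complements rather than replaces moving to a plugin version outside the affected range.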