CVE-2026-54420 — LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability

Description

LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.

How to fix CVE-2026-54420

No package mapping is available — consult the references below for vendor-specific guidance.

Is CVE-2026-54420 being exploited?

Yes — CVE-2026-54420 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.

Affected packages (0)

No package mapping in OSV.