CVE-2026-54420EPSS p46.4%

CVE-2026-54420CVE-2026-54420

litespeedtech / litespeed_cpanel_plugin

Description

LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.

Scoring

CVSS 8.5 ()
VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS0.65% probability of exploitation · percentile 46.4% · 2026-06-18T12:00:27Z
Last modified2026-06-16
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.