🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2026-54420: LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability
Summary
The LiteSpeed cPanel plugin has a symlink following vulnerability (a flaw where the software unsafely follows symbolic links, which are shortcuts to files, allowing attackers to access unintended files) that affects shared hosting servers using CloudLinux/CageFS. An attacker with FTP or web shell access (the ability to run commands on a web server) could exploit this vulnerability, and it is currently being exploited in active attacks.
Solution / Mitigation
Apply mitigations in accordance with vendor instructions from the LiteSpeed security update (https://blog.litespeedtech.com/2026/06/01/security-update-for-litespeed-cpanel-plugin-2/), following CISA's BOD 26-04 guidance for patching. If mitigations are unavailable, discontinue use of the product. The patching deadline is 2026-06-18.
Vulnerability Details
EPSS: 0.3%
Yes
🔥 Actively Exploited
June 14, 2026
Classification
Taxonomy References
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-54420
First tracked: June 15, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%