Free practical cybersecurity guidance for organisations without a security team.
hello@actionsoncyber.com
← Back to Vulnerability Briefs

Urgent: Security Flaw in LiteSpeed cPanel Plugin Could Let Hackers Take Control

A serious security flaw has been found in the LiteSpeed cPanel plugin used on some shared hosting servers. This flaw has already been exploited by attackers to gain higher access rights, potentially allowing them to control websites or servers. Small businesses using shared hosting with this plugin should act quickly to reduce risk.

16 June 2026

Reference: CVE-2026-54420

1. What is being reported?

The LiteSpeed cPanel plugin has a vulnerability that mishandles symbolic links (symlinks) when a user has FTP or web shell access on a shared hosting server. This means an attacker who already has limited access could use this flaw to escalate their privileges and gain more control than they should have.

2. What this means in plain English

If your website or server is hosted on a shared server using this plugin, an attacker who gains even basic access could exploit this flaw to take over your site or server. This could lead to data loss, website defacement, or further attacks. It is a high-risk issue because it has been actively exploited in the wild.

3. Could this affect a small business?

Small businesses using shared hosting services that include the LiteSpeed cPanel plugin before version 2.4.8 and running CloudLinux with CageFS could be affected. If you do not use this plugin or your hosting provider has already updated it, you are likely not affected. Ask your hosting provider to confirm.

4. What to do now

  • Contact your hosting provider or IT support to check if the LiteSpeed cPanel plugin is used and what version is installed.
  • Ensure the plugin is updated to version 2.4.8 or later as soon as possible if you are affected.
  • If updates are not available, discuss with your provider about applying recommended mitigations or consider moving to a different hosting service.
  • Regularly review your hosting account for any unusual activity and maintain strong passwords and access controls.

5. Ask your IT provider

Can you confirm if our hosting environment uses the LiteSpeed cPanel plugin, and if so, has it been updated to address the CVE-2026-54420 vulnerability?

6. Bottom line

If your website is on shared hosting using LiteSpeed cPanel plugin, act quickly to ensure it is updated to prevent attackers from gaining control.

Information based on CISA KEV, NVD, and multiple reputable security reports.

Back to Vulnerability Briefs