Main Vulnerability Database Exploits ID:12775 - Exploit for Improper access control in LiteSpeed User-End cPanel Plugin and LiteSpeed WHM Plugin - CVE-2026-54420

ID:12775 - Exploit for Improper access control in LiteSpeed User-End cPanel Plugin and LiteSpeed WHM Plugin - CVE-2026-54420

Published: June 23, 2026

Vulnerability identifier: #VU134649

Vulnerability risk: Critical

CVE-ID: CVE-2026-54420

CWE-ID: CWE-284

Exploitation vector: Remote access

Vulnerable software:
LiteSpeed User-End cPanel Plugin
LiteSpeed WHM Plugin

Link to public exploit:

https://github.com/fevar54/CVE-2026-54420-LiteSpeed-Symlink-Exploit

Vulnerability description

The vulnerability allows a remote user to escalate privileges to root.

The vulnerability exists due to improper access control in the LiteSpeed cPanel user-end plugin when handling cPanel JSON API requests. A remote user can invoke crafted requests to vulnerable plugin functionality to escalate privileges to root.

Exploitation requires FTP access or web shell access on shared hosting servers running CloudLinux/CageFS.

Note, the vulnerability is being actively exploited in the wild.

Remediation

Install security update from vendor's website.

ID:12775 - Exploit for Improper access control in LiteSpeed User-End cPanel Plugin and LiteSpeed WHM Plugin - CVE-2026-54420

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human