LiteSpeed cPanel plugin before 2.4.8 (as distributed in...
High severity
Unreviewed
Published
Jun 14, 2026
to the GitHub Advisory Database
•
Updated Jun 15, 2026
Description
Published by the National Vulnerability Database
Jun 14, 2026
Published to the GitHub Advisory Database
Jun 14, 2026
Last updated
Jun 15, 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.
References