15 matches found
Exploit for UNIX Symbolic Link Following in Litespeedtech Litespeed_Cpanel_Plugin
CVE-2026-54420 Mitigation Toolkit !Licensehttps://img.shie...
CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation
The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities KEV catalog, requiring Federal Civilian Executive Branch FCEB agencies to apply the fixes by June 18, 2026. The vulnerability in questi...
LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability
LiteSpeed cPanel plugin contains a UNIX symbolic link Symlink following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS...
CVE-2026-54420
LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...
EUVD-2026-36657
LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...
CVE-2026-54420
LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...
PT-2026-49104
Name of the Vulnerable Software and Affected Versions LiteSpeed cPanel plugin versions prior to 2.4.8 LiteSpeed WHM PlugIn versions prior to 5.3.2.0 Description A symlink-following flaw exists in the LiteSpeed cPanel plugin where the software mishandles symbolic links provided by a user. An...
VulnCheck KEV: CVE-2026-54420
LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...
CloudLinux CageFS 7.0.8-2 Insufficiently Restricted Proxy Command
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CloudLinux CageFS Insufficiently Restricted Proxy Command Link: https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02CloudLinuxCageFSInsufficientlyRestrictedProxyCommands Vulnerability Overview CloudLinux CageFS 7.0.8-2 or...
CloudLinux CageFS 7.1.1-1 Token Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CloudLinux CageFS Token Disclosure Link: https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-01CloudLinuxCageFSTokenDisclosure Vulnerability Overview CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a...
CVE-2020-36771
CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user...
CloudLinux CageFS Security Vulnerability
CloudLinux CageFS is a virtualized file system and set of tools from CloudLinux. A security vulnerability exists in CloudLinux CageFS version 7.1.1-1 and prior versions. An attacker can exploit the vulnerability to view a list of processes and execute code as another user...
CloudLinux CageFS Security Vulnerability
CloudLinux CageFS is a virtualized file system and set of tools from CloudLinux. A security vulnerability exists in CloudLinux CageFS version 7.0.8-2 and prior versions. An attacker could exploit the vulnerability to read and write arbitrary files outside of the CageFS environment in a limited wa...
PT-2024-10823 · Cloudlinux · Cloudlinux Cagefs
Name of the Vulnerable Software and Affected Versions: CloudLinux CageFS versions 7.1.1-1 and below Description: The issue allows local users to view the authentication token via the process list and gain code execution as another user, because the authentication token is passed as a command line...
PT-2024-10824 · Cloudlinux · Cloudlinux Cagefs
Name of the Vulnerable Software and Affected Versions: CloudLinux CageFS versions 7.0.8-2 and below Description: The issue allows local users to read and write arbitrary files of certain file formats outside the CageFS environment due to insufficient restrictions on file paths supplied to the...