CISA has added CVE-2026-54420, a high-severity privilege escalation flaw in the LiteSpeed cPanel Plugin, to its Known Exploited Vulnerabilities catalogue. The vulnerability carries a CVSS score of 8.5 and allows attackers to escalate privileges to root level on affected systems. US federal agencies must apply patches by 18 June 2026, but active exploitation means all organisations running this plugin should treat this as urgent.

Security Architect’s Take: Audit your web hosting infrastructure and any cPanel-based environments for the LiteSpeed plugin and apply the vendor patch immediately. If patching cannot be done promptly, consider disabling the LiteSpeed cPanel Plugin until remediation is complete, and review recent privilege escalation events in your server logs for signs of compromise.

Original advisory: CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation