
CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation

Source: thehackernews.com | Date: 2026-06-16 | Category: AI supply chain | Severity: High

What Happened

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 18, 2026. The vulnerability in question is CVE-2026-54420 (CVSS score: 8.5), which has been described as a case of privilege

Why It Matters

The article reports that CISA added LiteSpeed cPanel Plugin vulnerability CVE-2026-54420 (CVSS 8.5) to its Known Exploited Vulnerabilities catalog and ordered U.S. federal agencies to patch by June 18, 2026.[3][9] The flaw in LiteSpeed cPanel plugin before 2.4.8 (bundled with WHM plugin before 5.3.2.0) mishandles symlinks provided by users with FTP or web shell access on CloudLinux/CageFS shared hosting, enabling escalation to root.[1][3] From a CyberSE.AI perspective, this highlights AI supply chain and SBOM risks where LLM-integrated or AI-enabled web services depend on third-party hosting stacks: compromise of the underlying LiteSpeed/cPanel environment can fully undermine any AI application or agent running on the same host. Organizations should treat web server and control-panel components as critical dependencies in their AI supply chain, ensure they are captured in SBOMs, continuously monitored against KEV-type advisories, and incorporated into hardening, patch orchestration, and segregation strategies for AI workloads.
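As an added example (not code from the article, CISA, or the LiteSpeed/cPanel projects), the following audit script shows what a shared-hosting operator can check while waiting for the 2.4.8 update: symlinks inside account home directories that resolve to a location outside the owning account's home, which is the precondition this flaw class relies on. It assumes a homes-root/<account> layout and does not know which paths the affected plugin actually follows; the sample tree it walks is constructed in a temporary directory.

```python
"""Audit account home directories on a shared host for symlinks that resolve
outside the owning account's home.  Constructed example, not LiteSpeed or cPanel
code: it does not know which paths the vulnerable plugin follows, it only flags
the precondition the flaw class relies on, an unprivileged FTP or web-shell user
planting a link that a root-privileged component later follows."""
import os
import tempfile


def escaping_symlinks(homes_root):
    """Return (link_path, resolved_target) for every symlink below
    homes_root/<account>/ whose real target is not inside that account's home."""
    findings = []
    for account in sorted(os.listdir(homes_root)):
        home = os.path.realpath(os.path.join(homes_root, account))
        if not os.path.isdir(home):
            continue
        # followlinks defaults to False, so symlinked directories are listed
        # in dirnames but never descended into; each link is inspected once.
        for dirpath, dirnames, filenames in os.walk(home):
            for name in dirnames + filenames:
                path = os.path.join(dirpath, name)
                if not os.path.islink(path):
                    continue
                target = os.path.realpath(path)
                if os.path.commonpath([home, target]) != home:
                    findings.append((path, target))
    return findings


def build_demo_tree():
    """Constructed sample hosting layout for the demo; returns the homes root."""
    base = tempfile.mkdtemp(prefix="hosting-")
    homes = os.path.join(base, "home")
    secret = os.path.join(base, "root_only", "secret.conf")  # outside all homes
    os.makedirs(os.path.dirname(secret))
    open(secret, "w").close()
    for acct in ("alice", "bob"):
        os.makedirs(os.path.join(homes, acct, "public_html"))
    # Benign: the link stays inside alice's own home.
    os.symlink(os.path.join(homes, "alice", "public_html"),
               os.path.join(homes, "alice", "www"))
    # Suspicious: a link under the web root points outside alice's home.
    os.symlink(secret, os.path.join(homes, "alice", "public_html", "escape"))
    return homes


if __name__ == "__main__":
    for link, target in escaping_symlinks(build_demo_tree()):
        print(f"{link} -> {target}")
```

On a real host, point `escaping_symlinks` at the homes root (for example `/home`) and review each finding against the account's legitimate needs before removing it.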

Tags: Healthcare, Fintech, SaaS, SMB, AI startups

CyberSE Analysis

This signal maps to AI supply chain. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://thehackernews.com/2026/06/cisa-flags-litespeed-cpanel-plugin-flaw.html
