LiteSpeed cPanel Plugin Zero-Day Under Active Exploitation
Critical zero-day vulnerability in LiteSpeed cPanel plugin threatens global shared hosting; immediate update to version 2.4.8 is crucial.
By
Content Team
ON THIS PAGE
Want more insights like this?
Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.
By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.
A critical zero-day vulnerability in the LiteSpeed cPanel user-end plugin is being actively exploited, threatening shared hosting environments globally. Tracked as CVE-2026-54420, the flaw lets attackers with limited access — like stolen FTP credentials — escalate privileges all the way to root, breaking tenant isolation and potentially exposing every site on a shared server.
Namecheap researchers discovered the issue after spotting suspicious API call patterns, specifically rapid concurrent chaining of the generateEcCert and packageUserSize functions. LiteSpeed patched it in cPanel plugin version 2.4.8 on June 1, 2026. Admins should update immediately or remove the user-end plugin as a stopgap.
Source: Cybersecurity News
Have questions about protecting your software?
Our escrow experts are standing by to help.
Book a free demo