Live Cybersecurity News Ticker | Codekeeper

LiteSpeed cPanel Plugin Zero-Day Under Active Exploitation

Written by Content Team | Jul 6, 2026 12:21:52 PM

A critical zero-day vulnerability in the LiteSpeed cPanel user-end plugin is being actively exploited, threatening shared hosting environments globally. Tracked as CVE-2026-54420, the flaw lets attackers with limited access — like stolen FTP credentials — escalate privileges all the way to root, breaking tenant isolation and potentially exposing every site on a shared server.

Namecheap researchers discovered the issue after spotting suspicious API call patterns, specifically rapid concurrent chaining of the generateEcCert and packageUserSize functions. LiteSpeed patched it in cPanel plugin version 2.4.8 on June 1, 2026. Admins should update immediately or remove the user-end plugin as a stopgap.

Source: Cybersecurity News