CISA Warns of Actively Exploited cPanel Plugin Flaw

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical cPanel plugin flaw, CVE-2026-54420, that's being actively exploited by hackers, posing a significant risk to all user-end plugin versions prior to 2.4.8. This vulnerability allows attackers to escalate privileges to root, putting…

https://osintsights.com/cisa-warns-of-actively-exploited-cpanel-plugin-flaw?utm_source=mastodon&utm_medium=social

#CpanelPluginFlaw #Cve202654420 #Cve202648172 #EmergingThreats #UnixSymlinkFollowing

CISA Warns of LiteSpeed cPanel Plugin Flaw Exploited for Root Access

A critical vulnerability in the LiteSpeed cPanel Plugin, known as CVE-2026-54420, has been flagged by CISA for its high risk of exploitation, with a CVSS score of 8.5, and federal agencies have until June 18, 2026, to apply the necessary fix. This flaw allows for privilege escalation and has been added…

https://osintsights.com/cisa-warns-of-litespeed-cpanel-plugin-flaw-exploited-for-root-access?utm_source=mastodon&utm_medium=social

#Cve202654420 #LitespeedCpanelPlugin #PrivilegeEscalation #CisaKev #FederalCivilianExecutiveBranch

🚨 [CISA-2026:0615] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0615)

CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-20262 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20262)
- Name: Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-20262

⚠️ CVE-2026-54420 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-54420)
- Name: LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: LiteSpeed
- Product: cPanel Plugin
- Notes: https://blog.litespeedtech.com/2026/06/01/security-update-for-litespeed-cpanel-plugin-2/ ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-54420

#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260615 #cisa20260615 #cve_2026_20262 #cve_2026_54420 #cve202620262 #cve202654420
