CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 18, 2026.

The vulnerability in question is CVE-2026-54420 (CVSS score: 8.5), which has been described as a case of privilege