securityonline.info 6/16/2026, 1:30:49 AM · external

LiteSpeed flaw lets users gain root, Cisco SD WAN also exposed

Developing story vulnerability 6 articles tracked

Cisco SD-WAN and LiteSpeed cPanel vulnerabilities exploited in the wild

CyberSIXT Evidence Panel

Primary Source

blog.litespeedtech.com

CVE Intel

CVE-2026-54420 - NVD CISA KEV due 2026-06-18 8.5 HIGH

CVE-2026-20262 - NVD CISA KEV due 2026-06-29 6.5 MEDIUM Patch Unknown

CISA KEV Listed in KEV

Patch Patch Available

TWO critical vulnerabilities have been detected: CVE-2026-54420 affects the LiteSpeed cPanel Plugin, enabling privilege escalation for low-privileged users to gain root access, and CVE-2026-20262 pertains to Cisco Catalyst SD-WAN Manager allowing directory traversal. Administrators are urged to patch their systems urgently as these exploits are currently active. The LiteSpeed vulnerability, rated 8.5 on the CVSS scale, allows users on shared servers to escape their boundaries and threatens multiple accounts. LiteSpeed has addressed the issue in version 2.4.8; upgrading is advised to mitigate risks.

View Primary Source Via securityonline.info

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline

#6 Jun 16, 2026, 12:00 AM Current article

securityonline.info
LiteSpeed flaw lets users gain root, Cisco SD WAN also exposed
#5 Jun 15, 2026, 08:17 PM

cybersixt.com
CISA flags Cisco Catalyst SD WAN flaw CVE-2026-20262 in KEV list
#4 Jun 15, 2026, 08:16 PM

cybersixt.com
CISA flags LiteSpeed cPanel Plugin UNIX symlink vulnerability
#3 Jun 15, 2026, 07:41 PM

cybersixt.com
CISA adds Cisco SDWAN Manager CVE-2026-20262 to KEV list
#2 Jun 15, 2026, 07:40 PM

cybersixt.com
CISA Adds CVE-2026-54420 to Known Exploited Vulnerabilities Catalogue
#1 Jun 15, 2026, 06:09 PM

cybersixt.com
Cisco SD-WAN Vulnerability Exploited in the Wild: Patch CVE-2026-20262 Now