

Ethical Hacking News

Cisco Catalyst and LiteSpeed cPanel Plugin Vulnerabilities: A Growing Concern for Cybersecurity


U.S. CISA adds Cisco Catalyst and LiteSpeed cPanel plugin flaws to its Known Exploited Vulnerabilities catalog, emphasizing the urgency for organizations to address these vulnerabilities without delay.

  • Cisco Catalyst SD-WAN Manager and the LiteSpeed cPanel plugin have new vulnerabilities (CVE-2026-20262 and CVE-2026-54420) that pose significant risks to organizations relying on them.
  • The first vulnerability allows an authenticated remote attacker to create or overwrite files, enabling further privilege escalation to root.
  • The second issue allows attackers with FTP or web shell access to gain root privileges through improper handling of user-controlled symbolic links.
  • Exploitation of these vulnerabilities is already occurring in the wild, emphasizing the urgency for organizations to address them without delay.
  • Administrators are advised to upgrade their server software and check for indicators of compromise.



    The latest addition to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) highlights the increasing threat of vulnerabilities in Cisco Catalyst SD-WAN Manager and the LiteSpeed cPanel plugin. The two flaws, CVE-2026-20262 and CVE-2026-54420, pose significant risks to organizations relying on these products for their network infrastructure and web hosting services.

    The first vulnerability, CVE-2026-20262, affects the Cisco Catalyst SD-WAN Manager web interface, allowing an authenticated remote attacker to create or overwrite files on the underlying operating system through a crafted HTTP request. This arbitrary file write vulnerability enables further privilege escalation to root, making it crucial for organizations to address this flaw promptly.

    The second issue, CVE-2026-54420, affects LiteSpeed's cPanel plugin on shared hosting servers running CloudLinux or CageFS. The flaw stems from improper handling of user-controlled symbolic links, allowing attackers with FTP or web shell access to gain root privileges. This privilege escalation vulnerability poses a significant risk to organizations using these plugins in their web hosting services.

    According to CISA, the exploitation of these vulnerabilities is already occurring in the wild, emphasizing the urgency for organizations to address them without delay.

    In light of this information, organizations should review their infrastructure and take proactive measures to mitigate these risks. Administrators are advised to check server logs for indicators of compromise and upgrade to LiteSpeed WHM Plugin v5.3.2.1 (with cPanel plugin v2.4.8) or later. The command provided by CISA can also help determine whether a server has been affected.
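As an added illustration (not code from CISA, LiteSpeed or this article), the sketch below triages a host inventory against the fixed releases named above, comparing versions numerically per segment so that 5.3.10 is not mistaken for older than 5.3.2.1. The inventory layout, host names and field names are assumptions, as is the premise that both plugins use dotted numeric versions and that both must meet the minimum.

```python
import re

# Fixed releases named in the article above.
FIXED = {"whm_plugin": "5.3.2.1", "cpanel_plugin": "2.4.8"}

# Constructed sample inventory (hypothetical hosts and field names).
SAMPLE_INVENTORY = {
    "web01": {"whm_plugin": "5.3.2.1", "cpanel_plugin": "2.4.8"},
    "web02": {"whm_plugin": "v5.3.2", "cpanel_plugin": "2.4.8"},
    "web03": {"whm_plugin": "5.3.10", "cpanel_plugin": "2.4.10"},
    "web04": {"whm_plugin": "5.3.2.1", "cpanel_plugin": ""},
    "web05": {"whm_plugin": "unknown", "cpanel_plugin": "2.4.7"},
}

def parse_version(text):
    """Turn 'v5.3.2.1' into (5, 3, 2, 1); return None if it is not dotted digits."""
    m = re.fullmatch(r"\s*v?(\d+(?:\.\d+)*)\s*", text or "", re.IGNORECASE)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_at_least(installed, minimum):
    """Compare segment by segment, padding the shorter version with zeros."""
    width = max(len(installed), len(minimum))
    def pad(v):
        return v + (0,) * (width - len(v))
    return pad(installed) >= pad(minimum)

def triage(inventory):
    """Map each host to 'vulnerable', 'unknown' (check by hand) or 'patched'."""
    result = {}
    for host, versions in inventory.items():
        states = set()
        for component, fixed in FIXED.items():
            installed = parse_version(versions.get(component))
            if installed is None:
                states.add("unknown")
            elif is_at_least(installed, parse_version(fixed)):
                states.add("patched")
            else:
                states.add("vulnerable")
        # A known-old component outranks an unreadable one.
        order = ("vulnerable", "unknown", "patched")
        result[host] = next(s for s in order if s in states)
    return result

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` have a version string that could not be parsed and should be checked by hand rather than assumed patched.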

    Furthermore, experts recommend that private organizations review the Known Exploited Vulnerabilities catalog and address the vulnerabilities in their infrastructure to protect against attacks exploiting these flaws.

    By staying informed about emerging vulnerabilities like those highlighted in the KEV catalog, organizations can take proactive steps to strengthen their cybersecurity posture and minimize the risk of data breaches and other security threats.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Cisco-Catalyst-and-LiteSpeed-cPanel-Plugin-Vulnerabilities-A-Growing-Concern-for-Cybersecurity-ehn.shtml

  • https://securityaffairs.com/193684/security/u-s-cisa-adds-cisco-catalyst-and-litespeed-cpanel-plugin-flaws-to-its-known-exploited-vulnerabilities-catalog.html

  • https://nvd.nist.gov/vuln/detail/CVE-2026-20262

  • https://www.cvedetails.com/cve/CVE-2026-20262/

  • https://nvd.nist.gov/vuln/detail/CVE-2026-54420

  • https://www.cvedetails.com/cve/CVE-2026-54420/


  • Published: Thu Jun 18 02:28:24 2026 by llama3.2 3B Q4_K_M












