U.S. CISA adds Cisco Catalyst and LiteSpeed cPanel plugin flaws to its Known Exploited Vulnerabilities catalog
Publish Date: 2026-06-16 05:21:00
Source Domain: securityaffairs.com
Pierluigi Paganini
June 16, 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Catalyst and LiteSpeed cPanel plugin flaws to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Cisco Catalyst and LiteSpeed cPanel plugin flaws to its Known Exploited Vulnerabilities (KEV) catalog.
The two flaws added to the catalog are:
- CVE-2026-20262 (CVSS score of 6.5): Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability
- CVE-2026-54420 (CVSS score of 8.5): LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability
CVE-2026-20262 is an arbitrary file write vulnerability in the web interface of Cisco Catalyst SD-WAN Manager. The flaw is caused by improper validation of user-supplied input during file uploads, allowing an authenticated remote attacker to create or overwrite files on the underlying operating system through a crafted HTTP request.
A successful attack could enable further privilege escalation to root. Exploitation requires valid credentials for a low-privileged user account.
The second issue added to the catalog, CVE-2026-54420, is a privilege-escalation vulnerability affecting LiteSpeed’s cPanel plugin on shared hosting servers running CloudLinux or CageFS. The flaw stems from improper handling of user-controlled symbolic links, allowing attackers with FTP or web shell access to gain root privileges.
Exploitation in the wild has been confirmed.
“This vulnerability is being actively exploited, and poses a risk for all user-end plugin versions prior to 2.4.8,” reads the advisory.
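The symlink-following weakness class described above can be shown with an added Python example; it is not code from the LiteSpeed plugin or the advisory, whose implementation details the article does not give. It contrasts a write that follows a link planted in a user-controlled directory with one that refuses it; all function names, file names and the directory layout are constructed for the example.

```python
import os
import stat
import tempfile
from pathlib import Path


def naive_write(path, data):
    """Weak pattern: open() silently follows a symlink planted at `path`."""
    with open(path, "wb") as fh:
        fh.write(data)


def safe_write(dir_path, name, data, owner_uid):
    """Hardened pattern: refuse symlinks and verify the opened inode, not the name."""
    if os.sep in name or name in ("", ".", ".."):
        raise ValueError("name must be a single path component")
    # Pin the directory by fd; O_NOFOLLOW rejects a symlink as the final component.
    dir_fd = os.open(dir_path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        fd = os.open(name, os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW, 0o600, dir_fd=dir_fd)
        try:
            st = os.fstat(fd)
            # Check what was actually opened: regular file, expected owner, one link.
            if not stat.S_ISREG(st.st_mode) or st.st_uid != owner_uid or st.st_nlink != 1:
                raise PermissionError("unexpected file type, owner or link count")
            os.ftruncate(fd, 0)  # truncate only after the checks have passed
            os.write(fd, data)
        finally:
            os.close(fd)
    finally:
        os.close(dir_fd)


def demo():
    """Constructed scenario: a user-writable directory holding a planted symlink."""
    root = tempfile.mkdtemp()
    user_dir = os.path.join(root, "user_home")
    os.mkdir(user_dir)
    protected = os.path.join(root, "protected.conf")  # stand-in for a root-owned file
    Path(protected).write_bytes(b"original")
    link = os.path.join(user_dir, "cache.dat")
    os.symlink(protected, link)
    try:
        safe_write(user_dir, "cache.dat", b"new", os.geteuid())
        blocked = False
    except OSError:
        blocked = True
    after_safe = Path(protected).read_bytes()
    naive_write(link, b"new")  # follows the link and overwrites the protected file
    return blocked, after_safe, Path(protected).read_bytes()
```

A privileged service would additionally switch to the account's UID before touching files in a directory that account controls, so that a missed check cannot reach root-owned files.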
The advisory recommends using the following command to determine if your server has been affected:
grep -rE…