A critical privilege escalation vulnerability (CVE-2026-54420) in the LiteSpeed cPanel plugin is being actively exploited and requires immediate patching to version 2.4.8 or higher.