NVD disclosure day

Published threat advisories for June 14, 2026

CVE-2026-11526

Perl GD Library OS Command Injection and File Overwrite Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A vulnerability in the Perl GD library allows OS command injection and file overwrite when untrusted input is used as a filename, potentially enabling arbitrary command execution or file modification.

NVD published: June 14, 2026

CVE advisoryKnown Exploit

CVE-2026-54420

LiteSpeed cPanel Plugin Symlink Vulnerability on Shared Hosting

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A vulnerability in a LiteSpeed plugin for shared hosting can allow users with existing access to manipulate system files, potentially leading to unauthorized data access. This issue was recently exploited in the wild, making it important to determine if affected systems are in use.

NVD published: June 14, 2026 • CISA KEV