F5 issued out-of-band NGINX updates for flaws affecting HTTP/3, proxy protocol, gRPC, Gateway Fabric, and related products. Teams running internet-facing NGINX should check versions, exposed modules, Kubernetes ingress paths, and temporary mitigations before treating this as routine patching.
CISA added CVE-2026-54420, an actively exploited LiteSpeed cPanel plugin flaw, to its Known Exploited Vulnerabilities catalog. Shared hosting providers running CloudLinux or CageFS should move to the fixed plugin versions, check cPanel logs, and treat suspicious access as a possible root-level incident.