CISA has ordered U.S. federal agencies to patch an actively exploited critical privilege escalation flaw in the LiteSpeed cPanel user-end plugin by Friday, May 29. The vulnerability, tracked as CVE-2026-48172, can let unauthenticated attackers run arbitrary scripts with root privileges, and users are urged to update immediately or block suspicious IPs. #CVE-2026-48172 #LiteSpeed #cPanel #WHM #CISA
Key points
- CISA added CVE-2026-48172 to its exploited vulnerabilities catalog.
- The flaw affects the LiteSpeed cPanel user-end plugin and is actively being used in attacks.
- Remote attackers can gain root privileges through incorrect privilege assignment.
- LiteSpeed released urgent updates for the affected plugin versions.
- Federal agencies must patch by midnight on Friday, May 29 under BOD 22-01.