CISA has ordered U.S. federal agencies to patch an actively exploited LiteSpeed cPanel user-end plugin flaw within three days, after the vulnerability was added to the Known Exploited Vulnerabilities Catalog. The issue, tracked as CVE-2026-48172 and reported by Namecheap, can let attackers with FTP or web shell access escalate to root on shared hosting servers running CloudLinux/CageFS.
Key points
- CISA gave federal agencies three days to secure systems affected by the LiteSpeed cPanel flaw.
- CVE-2026-48172 affects user-end plugin versions before 2.4.8.
- The vulnerability stems from a UNIX symlink following weakness.
- Attackers with FTP or web shell access can escalate privileges to root.
- LiteSpeed released urgent updates and advised checking logs for signs of exploitation.