CISA has urged federal agencies to patch CVE-2026-48172, a critical privilege escalation flaw in the LiteSpeed user-end plugin for cPanel that has been actively exploited in the wild. The issue affects user-end plugin versions v2.3 through v2.4.4 and can enable attackers to run arbitrary scripts with root privileges. Fixes are available in LiteSpeed WHM Plugin version 5.3.1.0 or later.
Key points
- CISA added CVE-2026-48172 to its Known Exploited Vulnerabilities catalog.
- The flaw affects the LiteSpeed user-end plugin for cPanel.
- Attackers can gain root privileges through this privilege escalation issue.
- LiteSpeed confirmed the vulnerability was exploited as a zero-day.
- Users should upgrade to version 5.3.1.0 or remove the plugin if patching is not possible.