LiteSpeed User-End cPanel Plugin is affected by CVE-2026-48172, a critical privilege assignment flaw that is being actively exploited to run arbitrary scripts as root. Users should check for signs of exploitation, upgrade to cPanel plugin v2.4.7 or WHM plugin v5.3.1.0, or uninstall the plugin if patching cannot be done immediately. #CVE-2026-48172 #LiteSpeed #cPanel
Keypoints
- CVE-2026-48172 carries a CVSS score of 10.0.
- The flaw affects LiteSpeed User-End cPanel Plugin versions 2.3 through 2.4.4.
- An attacker can abuse lsws.redisAble to execute arbitrary scripts as root.
- LiteSpeed says the vulnerability is actively being exploited in the wild.
- Users should upgrade to version 2.4.7 or uninstall the plugin if needed.
Read More: https://thehackernews.com/2026/05/litespeed-cpanel-plugin-cve-2026-48172.html