QSearchQSearch

CVE-2026-48172

9.8 CRITICAL

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026

Published: 2026-05-21 · Last updated: 2026-05-26

Severity and scoring

CVSS
9.8 CRITICAL
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-266

Affected products

VendorProduct
litespeedtechlitespeed_cpanel_plugin, litespeed_whm_plugin

Description

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash. If you get no output, you have not been hit with exploitation of the vulnerability. If there is output, we recommend you examine the IP addresses in the list, determine if they are valid IP addresses, and if not, block them. To determine damage done, examine the system logs for use by the detected IP addresses. The issue is related to mishandling of Redis enable/disable features. The recommended minimum version is 2.4.7.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-31386 OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability (7.2 HIGH)

Same CWE

  • CVE-2026-49060 Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation (9.8 CRITICAL)
  • CVE-2026-53814 OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped ... (8.3 HIGH)
  • CVE-2026-47169 Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support
  • CVE-2026-11620 A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646 (5.3 MEDIUM)
  • CVE-2026-11619 A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2 (6.3 MEDIUM)