Critical Privilege Escalation in LiteSpeed cPanel Plugin (CVE‑2026‑48172) Allows Root Access
What It Is — A CVSS 10.0 remote privilege‑escalation flaw in the LiteSpeed User‑End cPanel plugin (versions < 2.4.5) that lets an attacker invoke the lsws.redisAble function to run arbitrary scripts as root. Exploitability — Actively exploited in the wild; public PoC scripts and exploit kits are circulating.
Affected Products — LiteSpeed Technologies’ cPanel Plugin versions 2.3.0 through 2.4.4 (any server running cPanel with the plugin installed).
TPRM Impact — Hosting providers, SaaS platforms, and downstream customers that depend on the vulnerable plugin inherit a full‑system compromise risk, exposing tenant data, breaching compliance regimes (PCI‑DSS, HIPAA, etc.), and creating a supply‑chain foothold for attackers.
Recommended Actions —
- Upgrade the plugin to version 2.4.7 or later immediately.
- Run the provided grep command to detect
redisAblecalls in cPanel logs and block any suspicious IPs. - Perform forensic analysis on any host that shows evidence of exploitation.
- Document remediation to meet CISA BOD 22‑01 compliance (deadline May 29 2026).
Source: https://securityaffairs.com/192795/hacking/u-s-cisa-adds-litespeed-cpanel-plugin-flaw-to-its-known-exploited-vulnerabilities-catalog.html