HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical Vulnerability

Critical Privilege Escalation in LiteSpeed cPanel Plugin (CVE‑2026‑48172) Allows Root Access

A CVSS 10.0 privilege‑escalation vulnerability (CVE‑2026‑48172) in LiteSpeed’s cPanel plugin (versions 2.3‑2.4.4) is being actively exploited, enabling attackers to gain root on affected servers. Hosting providers and SaaS platforms must patch immediately to protect downstream customers and meet CISA compliance deadlines.

LiveThreat™ Intelligence · 📅 May 28, 2026· 📰 securityaffairs.com
🔴
Severity
Critical
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
4 recommended
📰
Source
securityaffairs.com

Critical Privilege Escalation in LiteSpeed cPanel Plugin (CVE‑2026‑48172) Allows Root Access

What It Is — A CVSS 10.0 remote privilege‑escalation flaw in the LiteSpeed User‑End cPanel plugin (versions < 2.4.5) that lets an attacker invoke the lsws.redisAble function to run arbitrary scripts as root. Exploitability — Actively exploited in the wild; public PoC scripts and exploit kits are circulating.

Affected Products — LiteSpeed Technologies’ cPanel Plugin versions 2.3.0 through 2.4.4 (any server running cPanel with the plugin installed).

TPRM Impact — Hosting providers, SaaS platforms, and downstream customers that depend on the vulnerable plugin inherit a full‑system compromise risk, exposing tenant data, breaching compliance regimes (PCI‑DSS, HIPAA, etc.), and creating a supply‑chain foothold for attackers.

Recommended Actions

  • Upgrade the plugin to version 2.4.7 or later immediately.
  • Run the provided grep command to detect redisAble calls in cPanel logs and block any suspicious IPs.
  • Perform forensic analysis on any host that shows evidence of exploitation.
  • Document remediation to meet CISA BOD 22‑01 compliance (deadline May 29 2026).

Source: https://securityaffairs.com/192795/hacking/u-s-cisa-adds-litespeed-cpanel-plugin-flaw-to-its-known-exploited-vulnerabilities-catalog.html

📰 Original Source
https://securityaffairs.com/192795/hacking/u-s-cisa-adds-litespeed-cpanel-plugin-flaw-to-its-known-exploited-vulnerabilities-catalog.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →