CISA has added CVE-2026-48172 to its Known Exploited Vulnerabilities catalogue. The flaw affects LiteSpeed’s cPanel Plugin and is titled LiteSpeed cPanel Plugin Privilege Escalation Vulnerability. It permits any authenticated cPanel user to escalate privileges and execute arbitrary scripts with root access through the user‑end plugin.
The privilege-escalation bug can be triggered from the cPanel interface. It is reachable over HTTPS and requires no privileges beyond a standard cPanel login. Successful exploitation gives an attacker root-level command execution on the server. The flaw carries a CVSS v3.1 base score of 10.0, rated Critical. LiteSpeed released a security update on 21 May 2026 that patches the issue; the update is available via the vendor’s security advisory.
CISA’s placement of this CVE in the KEV catalogue confirms that the vulnerability is being actively exploited in the wild. No public reports associate the flaw with ransomware campaigns at present. Federal agencies must complete remediation by 29 May 2026, the deadline CISA set for this KEV entry.
CISA instructs Federal Civilian Executive Branch agencies to apply mitigations per vendor instructions, follow applicable BOD 22‑01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Although the directive binds FCEB organisations, all organisations that run the LiteSpeed cPanel Plugin should review their exposure and install the patch or apply equivalent mitigations without delay.
For complete details, consult the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-48172 and the CISA KEV catalogue entry.