www.securityweek.com 5/27/2026, 7:11:11 AM · external

CISA urges patch of CVE-2026-48172 in cPanel LiteSpeed plugin

CISA urges patch of CVE-2026-48172 in cPanel LiteSpeed plugin
Developing story vulnerability 6 articles tracked
LiteSpeed cPanel Plugin privilege escalation flaw (CVE-2026-48172) exploited in the wild
CyberSIXT Evidence Panel
CISA KEV Listed in KEV
Patch Patch Available

CISA has urged federal agencies to patch a critical vulnerability (CVE-2026-48172) in the LiteSpeed user-end plugin for cPanel, which is being actively exploited in the wild. The vulnerability, a privilege escalation issue with a CVSS score of 9.8, allows attackers to execute arbitrary scripts with root privileges. LiteSpeed released a fix in version 2.4.5 and recommended users upgrade to WHM Plugin version 5.3.1.0 or remove the plugin entirely. cPanel has also removed the vulnerable plugin from all versions. Agencies are advised to act by May 29, in line with CISA's guidance on Known Exploited Vulnerabilities.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline