CISA has urged federal agencies to patch a critical vulnerability (CVE-2026-48172) in the LiteSpeed user-end plugin for cPanel, which is being actively exploited in the wild. The vulnerability, a privilege escalation issue with a CVSS score of 9.8, allows attackers to execute arbitrary scripts with root privileges. LiteSpeed released a fix in version 2.4.5 and recommended users upgrade to WHM Plugin version 5.3.1.0 or remove the plugin entirely. cPanel has also removed the vulnerable plugin from all versions. Agencies are advised to act by May 29, in line with CISA's guidance on Known Exploited Vulnerabilities.
CISA urges patch of CVE-2026-48172 in cPanel LiteSpeed plugin
CyberSIXT Evidence Panel
Article by CyberSIXT
Timeline Coverage
Swipe to explore timeline
-
LiteSpeed cPanel plugin bug lets hackers gain root, CISA warns
cybersixt.com
-
CISA adds LiteSpeed cPanel flaw CVE-2026-48172 to KEV catalog
cybersixt.com
-
Serpens Hackers Exploit CVE-2026-48172, Roll Out New RAT Variants
cybersixt.com
-
CISA urges patch of CVE-2026-48172 in cPanel LiteSpeed plugin
www.securityweek.com
-
CISA Adds Critical LiteSpeed cPanel Plugin Flaw to KEV Catalogue
cybersixt.com
-
LiteSpeed cPanel Plugin Flaw Lets Attackers Gain Root via CVE-2026-48172
cybersixt.com