CISA has urged federal agencies to patch a critical vulnerability (CVE-2026-48172) in the LiteSpeed user-end plugin for cPanel, which is being actively exploited in the wild. The vulnerability, a privilege escalation issue with a CVSS score of 9.8, allows attackers to execute arbitrary scripts with root privileges. LiteSpeed released a fix in version 2.4.5 and recommended users upgrade to WHM Plugin version 5.3.1.0 or remove the plugin entirely. cPanel has also removed the vulnerable plugin from all versions. Agencies are advised to act by May 29, in line with CISA's guidance on Known Exploited Vulnerabilities.
CISA urges patch of CVE-2026-48172 in cPanel LiteSpeed plugin
Incident
CISA adds LiteSpeed cPanel flaw CVE-2026-48172 to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the LiteSpeed cPanel Plugin flaw, identified as CVE-2026-48172, to its Known Exploited Vulnerabilities catalog. This critical vulnerability (CVSS score of 10.0) affects versions prior to 2.4.5 and allows privilege escalation to potentially root access. It originates from poor…
First seen 2026-05-23T08:30:29.348Z · Last seen 2026-05-28T10:31:56.592Z
- CISA adds LiteSpeed cPanel flaw CVE-2026-48172 to KEV catalog
- Serpens Hackers Exploit CVE-2026-48172, Roll Out New RAT Variants
- CISA urges patch of CVE-2026-48172 in cPanel LiteSpeed plugin
- CISA Adds Critical LiteSpeed cPanel Plugin Flaw to KEV Catalogue
- LiteSpeed cPanel Plugin Flaw Lets Attackers Gain Root via CVE-2026-48172
Article by CyberSIXT
Timeline Coverage
- CISA adds LiteSpeed cPanel flaw CVE-2026-48172 to KEV catalog (cybersixt.com)
- Serpens Hackers Exploit CVE-2026-48172, Roll Out New RAT Variants (cybersixt.com)
- CISA urges patch of CVE-2026-48172 in cPanel LiteSpeed plugin (www.securityweek.com)
- CISA Adds Critical LiteSpeed cPanel Plugin Flaw to KEV Catalogue (cybersixt.com)
- LiteSpeed cPanel Plugin Flaw Lets Attackers Gain Root via CVE-2026-48172 (cybersixt.com)