The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the LiteSpeed cPanel Plugin flaw, identified as CVE-2026-48172, to its Known Exploited Vulnerabilities catalog. This critical vulnerability (CVSS score of 10.0) affects versions prior to 2.4.5 and allows privilege escalation, potentially to root access. It originates from poor handling of Redis functions and has been actively exploited. LiteSpeed has issued emergency patches and urges users to upgrade to version 2.4.7 to mitigate the risk.
Admins are advised to check logs for suspicious activity and report any findings. Federal agencies have until May 29, 2026, to address this vulnerability, and private organizations are encouraged to review the catalog for potential impacts on their systems.