U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds LiteSpeed cPanel Plugin flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the LiteSpeed cPanel Plugin flaw CVE-2026-48172 to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2026-48172 (CVSS score of 10.0) affects the LiteSpeed User-End cPanel plugin before version 2.4.5 and allows…
Tag: LiteSpeed
Exploits, Global Security News, Risk Management
CISA adds LiteSpeed cPanel plugin bug to exploited vulnerabilities list
CISA warns of exploited LiteSpeed flaw putting shared hosting at risk.
Exploits, Global Security News
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts with elevated permissions. “Any cPanel user (including an attacker or a compromised account)…