Critical Vulnerability in LiteSpeed User-End cPanel Plugin
26 May 2026
LiteSpeed Technologies has released security updates addressing an Incorrect Privilege Assignment vulnerability in the LiteSpeed User-End cPanel Plugin. Users and administrators of affected versions are advised to update to the latest version immediately.
Background
LiteSpeed is a web server technology that processes website files, serves them to visitors, and handles heavy traffic. The security updates released by LiteSpeed Technologies address a critical vulnerability (CVE-2026-48172) in the LiteSpeed User-End cPanel Plugin.
This vulnerability has a Common Vulnerability Scoring System (CVSS v4.0) score of 10 out of 10.
Impact
Successful exploitation of this vulnerability may allow an authenticated low-privileged cPanel user to execute arbitrary scripts with elevated root privileges, potentially resulting in full compromise of affected servers. An attacker could gain unauthorised command execution capabilities, leading to complete takeover of the hosting infrastructure, data theft, website defacement, malware deployment, credential compromise, and lateral movement across hosted environments.
Known Exploitation
This vulnerability is reportedly being actively exploited.
Affected Products
The vulnerability affects all versions of the LiteSpeed User-End cPanel Plugin prior to 2.4.5.
Recommendations
Users and administrators of affected versions are advised to update to the latest version (2.4.5 or later) immediately.
Administrators are also advised to refer to the Security Update by LiteSpeed Technologies for guidance on checking their servers for signs of compromise, and to implement the available workarounds if immediate patching is not possible.
References
https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/
https://nvd.nist.gov/vuln/detail/CVE-2026-48172
https://thehackernews.com/2026/05/litespeed-cpanel-plugin-cve-2026-48172.html
