CVE-2026-48172
critical
KEV
CVSS v3
9.8
CVSS v2
—
VIR risk
10.0
Description
LiteSpeed cPanel Plugin contains privilege escalation vulnerability that is exposed via the user-end cPanel plugin, which can be abused by any cPanel user account to execute arbitrary scripts with root privileges.
CISA KEV
- Vendor
- LiteSpeed
- Product
- cPanel Plugin
- Due date
- 2026-05-29
Predictions
Exploit likelihood
99%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cisa-kev — https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/ ; https://nvd.nist.gov/vuln/detail/CVE-2026-48172
Vendor advisory: cve@mitre.org — https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/release-log
Vendor advisory: cve@mitre.org — https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/
Exploits
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| litespeedtech | litespeed_cpanel_plugin | {"endExcluding":"2.4.7"} | 2.4.7 |
| litespeedtech | litespeed_whm_plugin | {"endExcluding":"5.3.1.0"} | 5.3.1.0 |
References
- https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/cpanel
- https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/release-log
- https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48172
- https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/ ; https://nvd.nist.gov/vuln/detail/CVE-2026-48172
CWEs
CWE-266
Verify integrity in audit chain (admin only). AS-IS.