CVE-2026-48172
Description
LiteSpeed cPanel Plugin contains privilege escalation vulnerability that is exposed via the user-end cPanel plugin, which can be abused by any cPanel user account to execute arbitrary scripts with root privileges.
CISA KEV
- Vendor
- LiteSpeed
- Product
- cPanel Plugin
- Due date
- 2026-05-29
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| litespeedtech | litespeed_cpanel_plugin | {"endExcluding":"2.4.7"} | 2.4.7 |
| litespeedtech | litespeed_whm_plugin | {"endExcluding":"5.3.1.0"} | 5.3.1.0 |
References
- https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/cpanel
- https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/release-log
- https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48172
- https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/ ; https://nvd.nist.gov/vuln/detail/CVE-2026-48172
CWEs
CWE-266
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.