CYBERSECURITY

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

by Techaiapp
2 minutes read


Ravie LakshmananMay 23, 2026Vulnerability / Web Security

A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild.

The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts with elevated permissions.

“Any cPanel user (including an attacker or a compromised account) may exploit the lsws.redisAble function to execute arbitrary scripts as root,” LiteSpeed said.

The vulnerability impacts all versions of the plugin between 2.3 and 2.4.4. LiteSpeed’s WHM plugin is not impacted. The issue has been addressed in version 2.4.5. Security researcher David Strydom has been credited with discovering and reporting the flaw.

LiteSpeed noted that the “vulnerability is being actively exploited,” but refrained from sharing additional details. It has shared the following indicator of compromise –


grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null

If running the aforementioned “grep” command does not produce any output, the server is not affected. However, if there is any output, users are advised to examine the IP addresses in the list and determine if they are legitimate, and if not, block them.

Cybersecurity

Following a security review of its cPanel and WHM plugins in the wake of the vulnerability, LiteSpeed said it has patched additional potential attack vectors in both plugins and released cPanel plugin version 2.4.7 bundled with WHM plugin version 5.3.1.0.

Users are advised to upgrade to LiteSpeed WHM Plugin version 5.3.1.0, which is bundled with cPanel plugin v2.4.7 or higher, to patch the vulnerability. If immediate patching is not an option, it’s recommended to remove the user-end plugin by running the below command –


/usr/local/lsws/admin/misc/lscmctl cpanelplugin --uninstall

The development comes weeks after a critical cPanel vulnerability (CVE-2026-41940, CVSS score: 9.8) was identified as actively exploited by unknown threat actors to deploy Mirai botnet variants and a ransomware strain called Sorry.



Source link

You may also like

Turla Turns Kazuar Backdoor Into Modular P2P Botnet...

cPanel, WHM Release Fixes for Three New Vulnerabilities...

Trellix Confirms Source Code Breach With Unauthorized Repository...

CISA Adds 4 Exploited Flaws to KEV, Sets...

[Webinar] Eliminate Ghost Identities Before They Expose Your...

Citizen Lab: Law Enforcement Used Webloc to Track...

China-Linked TA416 Targets European Governments with PlugX and...

CISA Adds CVE-2025-53521 to KEV After Active F5...

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across...

Chinese Hackers Target Southeast Asian Militaries with AppleChris...

Transparent Tribe Uses AI to Mass-Produce Malware Implants...

Pentagon Designates Anthropic Supply Chain Risk Over AI...

Anthropic Launches Claude Code Security for AI-Powered Vulnerability...

Google Ties Suspected Russian Actor to CANFAIL Malware...

China-Linked DKnife AitM Framework Targets Routers for Traffic...

145K+

Subscribers

3k+

Videos Published

1062960+

Total Views

2017

Since Years Active

SHOP FAST WITH OUR APP

KIMLUD app

About Us

Welcome to Techaiapp, your premier destination for comprehensive digital tech news. Our platform is dedicated to providing the latest insights and updates across a plethora of technological fields, including artificial intelligence, AI applications.

Resources

Menu

Recent Posts

AR & VR for education help students to learn more and better
by AubreyNN
21,000 Square Foot Georgia Home With 12 Bedrooms & 15 Bathrooms (PHOTOS + FLOOR PLANS)
by AubreyNN
Top 4 AI & VR stocks of 2021
by AubreyNN
AI Applications in Smart City & Smart Transportation provided by EverFocus
by AubreyNN
19,000 Square Foot Castle-Like Stone & Brick Home In Southlake, Texas (PHOTOS & 3D TOUR)
by AubreyNN
100+ Acre Mississippi Estate With Indoor Pool & Indoor Basketball Court (PHOTOS)
by AubreyNN
6 ways VR & AR help you fight Climate Change
by AubreyNN
City Tours with AR & VR: travel beyond the limits
by AubreyNN

Popular Posts

SpeechBrain: A PyTorch-based Speech Toolkit
by Techaiapp
Pushing the frontiers of audio generation
by Techaiapp
Building safer dialogue agents – Google DeepMind
by Techaiapp
Watch a Robot Arm Thrower, Curiosity’s New Terrain, and more
by Techaiapp
Sundar Pichai introduces Ultra 1.0 in Gemini Advanced
by Techaiapp
Study: Firms often use automation to control certain workers’ wages | MIT News
by Techaiapp
DigiKey, onsemi discuss the intersection of robotics and physical AI
by Techaiapp

TECH

GraphIC: A Novel Machine Learning Approach that Leverages Graph-based Representations of Reasoning Processes Coupled with Bayesian Networks (BNs) to Select In-Context Examples (ICE)
by Techaiapp
MIT researchers use large language models to flag problems in complex systems | MIT News
by Techaiapp
A Hands-On Guide to Testing Agents with RAGAs and G-Eval
by Techaiapp
HAC++: Revolutionizing 3D Gaussian Splatting Through Advanced Compression Techniques
by Techaiapp
Tracing the evolution of proteins back to the origin of life
by Techaiapp
Liquid AI’s LFM2-VL-3B Brings a 3B Parameter Vision Language Model (VLM) to Edge-Class Devices
by Techaiapp
New technique makes AI models leaner and faster while they’re still learning | MIT News
by Techaiapp

Stay Updated with Our Insights

Facebook X-twitter Instagram Pinterest Tumblr Youtube Heart Snapchat Twitch Rss Tiktok Patreon Icon-cursor Threads Telegram
© 2026 TECHAIAPP.COM – A REGISTERED BRAND OF KIMLUD.COM – ALL RIGHTS RESERVED.
Menu

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

Ravie LakshmananMay 23, 2026Vulnerability / Web Security A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has
Close
 
Send this to a friend