Critical Zero-Day Vulnerability in LiteSpeed cPanel Plugin Actively Exploited

Critical Zero-Day Vulnerability in LiteSpeed cPanel Plugin Actively Exploited

First seen 23 May 2026, 10:55 UTC CybersecuritynewsThehackernewsGbhackersRescananvd.nist.gov+10 90% similarity 86.0

Article Content

Browse articles
ThreatCluster

A critical zero-day privilege escalation vulnerability in the LiteSpeed User-End cPanel plugin is being exploited in the wild, allowing authenticated cPanel users to execute arbitrary scripts as root. This flaw, tracked as CVE-2026-48172, has a maximum CVSS score of 10.0 and affects versions from v2.3 to below v2.4.5. The vulnerability was disclosed and patched on May 21, 2026, but active exploitation has been reported. Server administrators are urged to update their systems immediately to mitigate risks. The flaw enables full server control for attackers, posing a significant threat to Linux hosting environments. The situation remains critical as attackers may still be leveraging the unpatched versions.

Key Points: • CVE-2026-48172 is a critical zero-day vulnerability with a CVSS score of 10.0. • The vulnerability allows authenticated users to execute scripts as root, compromising server control. • A patch was released on May 21, 2026, but active exploitation is ongoing.

ThreatCluster AI

Timeline

2026-05-21
CVE-2026-48172 published
LiteSpeed disclosed a critical privilege escalation vulnerability in its cPanel plugin, affecting versions from v2.3 to below v2.4.5.
Gbhackers
2026-05-21
Patch released
LiteSpeed released a patch for the critical vulnerability, urging users to update their systems immediately.
Cybersecuritynews
Recent
Active exploitation reported
Reports indicate that the vulnerability is being actively exploited to gain root access on Linux hosting servers.
Gbhackers

Community

Browse all →