Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…
EPSS 18.9%top 3.0%

CVE-2026-48172: CWE-266 Incorrect Privilege Assignment in LiteSpeed Technologies cPanel Plugin

0
Critical
VulnerabilityCVE-2026-48172cvecve-2026-48172cwe-266
Published: 05/21/2026 (05/21/2026, 00:38:04 UTC)
Source: CVE Database V5
Vendor/Project: LiteSpeed Technologies
Product: cPanel Plugin

Description

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash. If you get no output, you have not been hit with exploitation of the vulnerability. If there is output, we recommend you examine the IP addresses in the list, determine if they are valid IP addresses, and if not, block them. To determine damage done, examine the system logs for use by the detected IP addresses. The issue is related to mishandling of Redis enable/disable features. The recommended minimum version is 2.4.7.

CVSS v4.0

Score 10.0critical

Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
None
Vuln. Confidentiality
High
Vuln. Integrity
High
Vuln. Availability
High
Subsq. Confidentiality
High
Subsq. Integrity
High
Subsq. Availability
High
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected software

GitHub Actionsmore threats →ai
litespeedtech/cpanel-plugin
pkg:github/litespeedtech/cpanel-plugin
Affected versions
=2.3

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 05/28/2026, 20:18:49 UTC

Technical Analysis

This vulnerability (CVE-2026-48172) involves incorrect privilege assignment (CWE-266) in the LiteSpeed Technologies cPanel Plugin prior to version 2.4.5. It allows an attacker to escalate privileges, possibly to root, by exploiting mishandling of Redis enable/disable functionality. Detection involves searching cPanel log files for specific API function calls indicative of exploitation attempts. The vendor recommends upgrading to at least version 2.4.7 to address the issue. The CVSS 4.0 base score is 10.0, indicating critical severity with network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, availability, scope, and security requirements.

Potential Impact

Successful exploitation can lead to privilege escalation, potentially granting root-level access on affected systems. This could allow attackers full control over the compromised server, leading to complete system compromise. The vulnerability affects LiteSpeed cPanel Plugin versions before 2.4.5. There is no explicit confirmation of known exploits in the wild, but the description mentions exploitation in May 2026. The critical CVSS score reflects the severity of impact.

Mitigation Recommendations

The vendor recommends upgrading the LiteSpeed cPanel Plugin to version 2.4.7 or later. Detection can be performed by running the provided grep command to identify potential exploitation traces in cPanel log files. If suspicious IP addresses are found, they should be verified and blocked if unauthorized. Since no official patch or remediation level is explicitly stated, users should prioritize upgrading to the recommended minimum version. Patch status is not yet confirmed in the vendor advisory; check the vendor's official channels for current remediation guidance.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Data Version
5.2
Assigner Short Name
mitre
Date Reserved
2026-05-21T00:38:03.845Z
Cvss Version
4.0
State
PUBLISHED
Remediation Level
null

Threat ID: 6a0eee5b7b8e1438d0bb6cd3

Added to database: 05/21/2026, 11:36:59 UTC

Last enriched: 05/28/2026, 20:18:49 UTC

Last updated: 07/09/2026, 19:47:32 UTC

Views: 453

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses