Privilege Escalation Vulnerability in LiteSpeed User-End cPanel Plugin
CVE-2026-48172
Key Information:
- Vendor: Litespeed Technologies
- CVE Published: 21 May 2026
What is CVE-2026-48172?
CVE-2026-48172 is a privilege escalation vulnerability found in the LiteSpeed User-End cPanel Plugin, specifically in versions prior to 2.4.5. This vulnerability allows an attacker to potentially escalate their privileges to the root level, which can have severe implications for security and data integrity. The LiteSpeed User-End cPanel Plugin is designed to facilitate web hosting management through the cPanel interface, a popular control panel for managing web servers. If exploited, this vulnerability can allow unauthorized users to gain elevated privileges, leading to unauthorized access, modification of system settings, and possibly control over sensitive data and resources.
The vulnerability arises from improper handling of Redis enable/disable features, compromising the security measures in place that are intended to prevent unauthorized access. Organizations running vulnerable versions of the plugin are at risk, as active exploitation has been reported, further emphasizing the importance of timely updates and monitoring.
Potential Impact of CVE-2026-48172
- Unauthorized Access: Attackers may exploit this vulnerability to gain root access to systems, allowing them to execute arbitrary commands, alter configurations, and access sensitive data, undermining the confidentiality and integrity of the environment.
- Data Breaches: With elevated privileges, an attacker can potentially extract, modify, or delete critical information, leading to data loss or exposure of sensitive customer data, which can have legal and financial repercussions for the organization.
- System Control and Manipulation: The ability to escalate privileges can enable attackers to manipulate system functionalities, install malicious software, or create backdoors for future access, enhancing the overall attack surface and complicating remediation efforts.
Affected Version(s)
cPanel Plugin Linux 2.3 < 2.4.7
WHM Plugin Linux 0 < 5.3.1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
CVE-2026-48172 lets cPanel users run scripts as root, affecting LiteSpeed plugin 2.3–2.4.4 and exposing servers.
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root - NewsBreak
A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as C
Timeline
- Public PoC available
- Exploit known to exist
- First article discovered by Newsbreak
- Vulnerability published
- Vulnerability Reserved
