—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Privilege Escalation Vulnerability in LiteSpeed  cPanel Plugin

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Software Affected

LiteSpeed User-End cPanel Plugin versions prior to 2.4.5

Overview

A vulnerability has been reported in LiteSpeed cPanel Plugin which could allow an attacker to gain elevated privileges on the targeted system.

Target Audience:

Web hosting providers, server administrators, and cPanel users managing LiteSpeed-powered shared hosting environments.

Risk Assessment:

High risk of privilege escalation, full server compromise.

Impact Assessment:

Potential for root-level access, server compromise, disruption of hosted services.

Description

LiteSpeed User-End cPanel Plugin is a management plugin that allows users to manage LiteSpeed Web Server features directly through the cPanel interface.

A vulnerability exists in the LiteSpeed cPanel Plugin due to an error in the lsws.redisAble function.

Successful exploitation of this vulnerability could allow an attacker to gain elevated privileges on the targeted system.

Solution

Apply appropriate updates as mentioned:

https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/

Vendor Information

 

https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/

References

 

https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/

CVE Name

CVE-2026-48172

 

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmoZaDEACgkQ3jCgcSdc

ys977RAAnSEfdNNFFDL9tzAMg0UifYJN46Nzme4zmeT5n+2orQimfZNTz7tYxY5E

VxN6GT++71d6cM9exMP5dztNgusATwJODMoXX35oeyxaI8wwCRcQcMLEpqqkh2PV

04csK4qmXs/DHgDhS2P+NY+qsqaRNt8PNSfO4Q9Cokv3L3mvZfR3Y8fHsGMePY6w

nHKngAgZdQR6Dzl777WK4gGANy2KDgXiISVaYiBuSPqWV4OCu9+srcqVXIT8Vlpu

dnHbsczL+fIP4iaF9/wO7VLB8Xy9LRaAe+T+SSrZaQqF3UTRbBQXEZPM3BEVz2NR

EOIDpKss3DZxd6y7RwWkwPUs2Pr52V2EGVG3F7HxbzuiJRlap/A1438wgbADZfwT

1F4EuQHXnORcL5zRz1edWZ0w2MCQBHThL9k0VU+XJVEqU4a/yQY+ciUezYVIehZn

wjGwj90FlsJmEBqsLCLXJT8mcjcGZRvdGrNBXog3LL5smoFkVPgykeE2HL5lPsqQ

7sxRV9uZjk+n8BYqsOyOZZwds/FMlDvGrXCWnXT/E3wAj3Ex7x2uEM9T58RxcZWl

mO8z6vf2aXHSIJVamNLHgUgIvuUiOyq9kDtx8eeIIGHwwv/LbRQDNy5p/pp1Ze2p

Nlr81XKDQpR46U3SQhIFQGLkJm4/GFHOd4ahLpImIINn6/AlCDo=

=/54E

—–END PGP SIGNATURE—–