
A maximum-severity vulnerability in the LiteSpeed User-End cPanel Plugin is being exploited in the wild. The flaw, CVE-2026-48172 with a CVSS score of 10.0, is an incorrect privilege assignment that lets an attacker execute arbitrary scripts with elevated permissions: any cPanel user, including an attacker holding a compromised account, can abuse the lsws.redisAble function to run scripts as root. Affected versions are user-end plugin releases between 2.3 and 2.4.4; the LiteSpeed WHM plugin is not impacted. The issue is fixed in cPanel plugin version 2.4.5 and later, with additional hardening released in cPanel plugin 2.4.7 bundled with WHM plugin 5.3.1.0. To check for indicators of compromise, search the cPanel logs for the query parameter cpanel_jsonapi_func=redisAble and block the source IPs of suspicious requests. If patching is not possible, the user-end plugin can be uninstalled.
"Users are advised to upgrade to LiteSpeed WHM Plugin version 5.3.1.0, which is bundled with cPanel plugin v2.4.7 or higher, to patch the vulnerability. If immediate patching is not an option, it's recommended to remove the user-end plugin by running the below command - /usr/local/lsws/admin/misc/lscmctl cpanelplugin --uninstall"
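As an added example (not code from the advisory or from LiteSpeed), a small Python triage helper that scans constructed cPanel-style access-log lines for the indicator named above, tallies the source IPs and accounts behind each hit, and flags whether an installed user-end plugin version falls in the affected range. The log line layout and the inclusive reading of "between 2.3 and 2.4.4" are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in an assumed cPanel access_log layout
# (client IP, account, timestamp, request line). Only the query string
# token from the advisory matters to the scan; the rest is illustrative.
SAMPLE_LOG = """\
198.51.100.7 - alice [12/05/2026:10:01:02 -0000] "GET /cpsessXXXX/json-api/cpanel?cpanel_jsonapi_module=LiteSpeed&cpanel_jsonapi_func=redisAble&cpanel_jsonapi_apiversion=2 HTTP/1.1" 200 0 "" "curl/8.0"
203.0.113.9 - bob [12/05/2026:10:05:44 -0000] "GET /cpsessXXXX/frontend/jupiter/index.html HTTP/1.1" 200 1234 "" "Mozilla/5.0"
198.51.100.7 - alice [12/05/2026:10:06:10 -0000] "POST /cpsessXXXX/json-api/cpanel?cpanel_jsonapi_func=redisAble HTTP/1.1" 200 0 "" "curl/8.0"
"""

# Indicator of compromise quoted by the advisory.
IOC_TOKEN = "cpanel_jsonapi_func=redisAble"
IP_RE = re.compile(r"^(\S+)")            # first field: client address
USER_RE = re.compile(r"^\S+ - (\S+) \[")  # third field: cPanel account


def find_redisable_calls(log_text):
    """Return (matching_lines, ip_counts, accounts) for lines carrying the IoC.

    A hit is a lead to triage (the plugin itself exposes this call), not
    proof of compromise; repeated calls from one address are worth a look.
    """
    hits, ips, accounts = [], Counter(), set()
    for line in log_text.splitlines():
        if IOC_TOKEN not in line:
            continue
        hits.append(line)
        m = IP_RE.match(line)
        if m:
            ips[m.group(1)] += 1
        u = USER_RE.match(line)
        if u:
            accounts.add(u.group(1))
    return hits, ips, accounts


def parse_version(v):
    return tuple(int(x) for x in v.split("."))


def is_affected(version):
    """True for user-end plugin versions 2.3 through 2.4.4 (assumed inclusive)."""
    return (2, 3) <= parse_version(version) <= (2, 4, 4)


if __name__ == "__main__":
    hits, ips, accounts = find_redisable_calls(SAMPLE_LOG)
    print(f"{len(hits)} redisAble call(s); by IP: {dict(ips)}; accounts: {sorted(accounts)}")
    for v in ("2.2.9", "2.3", "2.4.4", "2.4.5", "2.4.7"):
        print(v, "affected" if is_affected(v) else "not affected")
```

On a real host, feed the script the contents of the cPanel access log rather than the constructed sample, and treat the IP tally as the candidate block list to review before acting.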
#cve-2026-48172 #cpanel-plugin-security #privilege-escalation #remote-code-execution #indicators-of-compromise
Read at The Hacker News