LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root Ravie LakshmananMay 23, 2026Vulnerability / Web Security A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts with elevated permissions. "Any cPanel user (including an attacker or a compromised account) may exploit the lsws.redisAble function to execute arbitrary scripts as root," LiteSpeed said. The vulnerability impacts all versions of the plugin between 2.3 and 2.4.4. LiteSpeed's WHM plugin is not impacted. The issue has been addressed in version 2.4.5. Security researcher David Strydom has been credited with discovering and reporting the flaw. LiteSpeed noted that the "vulnerability is being actively exploited," but refrained from sharing additional details. It has provided the following indicator of compromise - grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null If running the aforementioned "grep" command does not produce any output, the server is not affected. However, if there is any output, users are advised to examine the IP addresses in the list and determine if they are legitimate, and if not, block them. Following a security review of its cPanel and WHM plugins in the wake of the vulnerability, LiteSpeed said it has patched additional potential attack vectors in both plugins and released cPanel plugin version 2.4.7 as part of WHM plugin version 5.3.1.0. Users are advised to upgrade to LiteSpeed WHM Plugin version 5.3.1.0, which is bundled with cPanel plugin v2.4.7 or higher, to patch the vulnerability. If immediate patching is not an option, it's recommended to remove the user-end plugin by running the below command - /usr/local/lsws/admin/misc/lscmctl cpanelplugin --uninstall The development comes weeks after a critical cPanel vulnerability (CVE-2026-41940, CVSS score: 9.8) was identified as actively exploited by unknown threat actors to deploy Mirai botnet variants and a ransomware strain called Sorry. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  cPanel, cybersecurity, LiteSpeed, privilege escalation, ransomware, Vulnerability, WHM ⚡ Top Stories This Week Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More [Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI and More Packages Load More ▼ ⭐ Featured Resources Identify Internal Attack Surfaces More Efficiently With a Free Assessment [eBook] Get the 3-Number SOC Diagnostic to Reduce Queue Risk [Webinar] Learn How to Handle Critical SOC Alerts With AI Support [Guide] Stop Email Fraud Before It Turns Into Ransomware Damage