
LiteSpeed cPanel Plugin: Critical Security Vulnerability Under Active Exploitation

Bottom line: The critical security vulnerability CVE-2026-48172 in LiteSpeed cPanel Plugin (versions 2.3–2.4.4) is actively being exploited. It allows cPanel users to execute scripts with root privileges. An update to version 2.4.7 or uninstallation of the plugin is recommended.

A critical security vulnerability in the LiteSpeed User-End cPanel Plugin is currently being actively exploited on the Internet. The vulnerability CVE-2026-48172 with the highest severity rating allows attackers to execute arbitrary scripts with administrator rights.

The security flaw designated as CVE-2026-48172 has a maximum CVSS score of 10.0 and results from faulty privilege assignment that allows attackers to execute arbitrary scripts with elevated permissions.

LiteSpeed warned that any cPanel user – including attackers or compromised accounts – can exploit the lsws.redisAble function to execute scripts with root permission. The vulnerability affects all versions of the plugin between 2.3 and 2.4.4. The WHM plugin from LiteSpeed is not affected.

Security researcher David Strydom is credited with discovering and reporting the vulnerability. Although LiteSpeed confirmed that the vulnerability is being actively exploited, the company did not share additional details.

To check for possible compromises, LiteSpeed recommends the following command:

grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null

If the command returns no results, the server is not affected. If results are displayed, it is recommended to check the IP addresses and block suspicious entries.
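To make the "check the IP addresses" step easier, the following added example (not LiteSpeed's code and not part of the original article) groups the matching log lines by source IP and cPanel user. It assumes combined-log-style lines where field 1 is the client IP, field 3 the authenticated user and field 4 the timestamp; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not LiteSpeed's code): group redisAble hits by source IP and user.
# Assumption: combined-log-style lines, field 1 = client IP, field 3 = cPanel
# user, field 4 = "[timestamp". Adjust the awk fields if your logs differ.

PATTERN='cpanel_jsonapi_func=redisAble'

# redisable_summary DIR [DIR...]
# Prints "count ip user first_seen last_seen", busiest source first.
redisable_summary() {
    grep -rhE "$PATTERN" "$@" 2>/dev/null |
    awk '{
        key = $1 " " $3
        ts = $4; sub(/^\[/, "", ts)
        if (!(key in count)) first[key] = ts
        count[key]++
        last[key] = ts
    }
    END { for (k in count) print count[k], k, first[k], last[k] }' |
    sort -k1,1nr -k2,2
}

# Constructed sample log (documentation IPs, made-up users and session tokens).
make_sample_logs() {
    cat > "$1/access_log" <<'EOF'
203.0.113.10 - alice [20/May/2026:10:01:02 +0000] "GET /cpsess0000000001/json-api/cpanel?cpanel_jsonapi_func=redisAble HTTP/1.1" 200 0
198.51.100.7 - bob [20/May/2026:10:02:30 +0000] "GET /cpsess0000000002/frontend/jupiter/index.html HTTP/1.1" 200 512
198.51.100.7 - bob [20/May/2026:10:03:15 +0000] "GET /cpsess0000000002/json-api/cpanel?cpanel_jsonapi_func=redisAble HTTP/1.1" 200 0
203.0.113.10 - alice [20/May/2026:10:05:40 +0000] "GET /cpsess0000000001/json-api/cpanel?cpanel_jsonapi_func=redisAble HTTP/1.1" 200 0
EOF
}

# Demo on the sample; on a real server pass the two directories from the
# command above instead: /var/cpanel/logs /usr/local/cpanel/logs/
demo_dir=$(mktemp -d)
make_sample_logs "$demo_dir"
redisable_summary "$demo_dir"
rm -rf "$demo_dir"
```

grep -r does not read compressed rotated logs, so older .gz archives in those directories need to be decompressed or searched with zgrep before they appear in the summary.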

In the course of a comprehensive security review of both plugins, LiteSpeed identified additional potential attack vectors and released cPanel Plugin Version 2.4.7 together with WHM Plugin Version 5.3.1.0.

Users should update to LiteSpeed WHM Plugin Version 5.3.1.0 or higher, which is bundled with cPanel Plugin v2.4.7 or higher. If immediate updating is not possible, uninstalling the plugin is recommended, using the following command:

/usr/local/lsws/admin/misc/lscmctl cpanelplugin --uninstall