LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
23 May 2026
A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild.
The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts with elevated permissions.
"Any cPanel user (including an attacker or a compromised account) may