
LiteSpeed User-End cPanel Plugin root script execution security flaw (CVE-2026-48172)

Vulnerability
First reported
Last updated
Happening score
H score 53
2 unique sources, 2 articles

Summary


CVE-2026-48172 in the LiteSpeed User-End cPanel Plugin is now actively exploited, creating root-level arbitrary script execution risk for exposed cPanel systems. The flaw is an incorrect privilege assignment issue affecting plugin versions 2.3 through 2.4.4, and LiteSpeed fixed it in 2.4.5. Operators should treat affected servers as urgent patch candidates and investigate the published lsws.redisAble indicator of compromise.

Related Happenings

cPanel CVE-2026-41940 mitigation guidance

Advisory/Mitigation
First: 30.04.2026 14:40 Last: 30.04.2026 14:40 Sources 1

About this happening: cPanel issued mitigation guidance for **CVE-2026-41940** after fixes became available for **cPanel, WHM, and WP Squared**, urging customers to restart **cpsrvd** to reduce exposur...

Linux distributions mitigation advisories for CVE-2026-31431

Advisory/Mitigation
First: 30.04.2026 12:24 Last: 30.04.2026 12:24 Sources 1

About this happening: Multiple **Linux distributions** released advisories for **CVE-2026-31431**, adding mitigation guidance for a **Linux kernel local privilege escalation** that can let an unprivile...

cPanel and WHM authentication bypass (CVE-2026-41940)

Vulnerability
First: 29.04.2026 12:37 Last: 29.04.2026 12:37 Sources 1

About this happening: **cPanel and WHM** are affected by **CVE-2026-41940**, an **authentication bypass** in the login flow that can let **unauthenticated remote attackers** gain control-panel access....

CISA KEV addition for Smartbedded Meteobridge CVE-2025-4008

Public Sector Action
First: 03.10.2025 11:23 Last: 03.10.2025 11:23 Sources 1

About this happening: CISA added **CVE-2025-4008** in **Smartbedded Meteobridge** to the **KEV catalog**, signaling **active exploitation** and requiring **FCEB agencies** to apply updates by **October...

Timeline

  1. 23.05.2026 10:35 3 articles · 4d ago

    LiteSpeed discloses active exploitation of CVE-2026-48172

    Initial Disclosure

    LiteSpeed User-End cPanel Plugin CVE-2026-48172 is being actively exploited in the wild. The incorrect privilege assignment flaw lets a cPanel user, including an attacker or compromised account, abuse the lsws.redisAble function to execute arbitrary scripts as root on affected systems. The vulnerable range is plugin versions 2.3 through 2.4.4, the issue is fixed in 2.4.5, and LiteSpeed also released cPanel plugin 2.4.7 bundled with WHM plugin 5.3.1.0 after patching additional potential attack vectors in both plugins. LiteSpeed published a grep check for cpanel_jsonapi_func=redisAble, and security researcher David Strydom is credited with discovering and reporting the flaw.
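
An added example, not LiteSpeed's published command or code from the cited sources: a shell helper that applies the `cpanel_jsonapi_func=redisAble` string to access-log lines and counts hits per account and client IP, so affected accounts can be prioritised for investigation. The log layout (client IP in field 1, authenticated user in field 3), the `/usr/local/cpanel/logs/access_log` path and the sample lines are assumptions or constructed.

```shell
#!/bin/sh
# Added example. Indicator string as quoted in the timeline entry above.
IOC='cpanel_jsonapi_func=redisAble'

# scan_ioc FILE...
# Prints "hits user client_ip" for every (user, IP) pair whose requests
# contain the indicator, most hits first. Prints nothing when no line matches.
# Assumes a combined-style access log: $1 = client IP, $3 = authenticated user.
scan_ioc() {
    grep -hF -- "$IOC" "$@" 2>/dev/null |
        awk '{ hits[$3 " " $1]++ } END { for (k in hits) print hits[k], k }' |
        sort -k1,1nr -k2,2
}

# Constructed sample log lines (documentation IP ranges, made-up accounts).
sample_log() {
cat <<'EOF'
203.0.113.10 - alice [05/23/2026:09:58:01 -0000] "GET /cpsess0000000000/frontend/jupiter/index.html HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2083
198.51.100.7 - webuser1 [05/23/2026:10:01:12 -0000] "POST /cpsess0000000000/json-api/cpanel?cpanel_jsonapi_module=lsws&cpanel_jsonapi_func=redisAble HTTP/1.1" 200 0 "-" "curl/8.0" "s" "-" 2083
198.51.100.7 - webuser1 [05/23/2026:10:01:15 -0000] "POST /cpsess0000000000/json-api/cpanel?cpanel_jsonapi_module=lsws&cpanel_jsonapi_func=redisAble HTTP/1.1" 200 0 "-" "curl/8.0" "s" "-" 2083
203.0.113.44 - shopacct [05/23/2026:10:07:40 -0000] "POST /cpsess0000000000/json-api/cpanel?cpanel_jsonapi_module=lsws&cpanel_jsonapi_func=redisAble HTTP/1.1" 200 0 "-" "curl/8.0" "s" "-" 2083
203.0.113.10 - alice [05/23/2026:10:09:02 -0000] "GET /cpsess0000000000/json-api/cpanel?cpanel_jsonapi_module=Email&cpanel_jsonapi_func=listpops HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2083
EOF
}

# Usage (assumed log path): sh scan_ioc.sh /usr/local/cpanel/logs/access_log
# With no arguments, the constructed sample above is scanned instead.
if [ "$#" -gt 0 ]; then
    scan_ioc "$@"
else
    sample_log | scan_ioc -
fi
```

A hit only shows that the function was called by that account; whether the call was malicious still has to be established from the rest of the investigation.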
