LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)
Security Patch Release
Summary
Hide ▲
Show ▼
LiteSpeed released urgent security updates for the cPanel user-end plugin after CVE-2026-48172 was found to be actively exploited, reducing exposure for systems running the bundled WHM plugin. The vendor told users to move the plugin to the latest version. The release targets a flaw that can give remote attackers root privileges.
Related Happenings
NHS England Digital libssh2 update advisory for CVE-2026-55200
Advisory/Mitigation
H score38
First: 29.06.2026 10:06
Last: 29.06.2026 10:06
Sources 1
About this happening:
**NHS England Digital** has issued an **update advisory** for **libssh2** after a public proof-of-concept surfaced for **CVE-2026-55200**. The flaw can let a **malicious or compro...
NHS England Digital libssh2 update advisory for CVE-2026-55200
Advisory/MitigationAbout this happening: **NHS England Digital** has issued an **update advisory** for **libssh2** after a public proof-of-concept surfaced for **CVE-2026-55200**. The flaw can let a **malicious or compro...
F5 security patch release for CVE-2026-42530
Security Patch Release
H score39
First: 18.06.2026 20:32
Last: 18.06.2026 20:32
Sources 1
About this happening:
**F5** released security updates for **NGINX Open Source** after finding **two critical vulnerabilities** that could lead to **remote code execution** on affected systems. The pat...
F5 security patch release for CVE-2026-42530
Security Patch ReleaseAbout this happening: **F5** released security updates for **NGINX Open Source** after finding **two critical vulnerabilities** that could lead to **remote code execution** on affected systems. The pat...
JCE Pro 2.9.99.6 patch for CVE-2026-48907
Security Patch Release
H score46
First: 17.06.2026 13:09
Last: 17.06.2026 13:09
Sources 1
About this happening:
**JCE security team** released **JCE Pro 2.9.99.6** in **early June 2026** to fix **CVE-2026-48907** in the **Widget Factory Joomla Content Editor (JCE) plugin**. The update addre...
JCE Pro 2.9.99.6 patch for CVE-2026-48907
Security Patch ReleaseAbout this happening: **JCE security team** released **JCE Pro 2.9.99.6** in **early June 2026** to fix **CVE-2026-48907** in the **Widget Factory Joomla Content Editor (JCE) plugin**. The update addre...
Fortinet security patch release for CVE-2026-39813
Security Patch Release
H score41
First: 16.06.2026 12:19
Last: 16.06.2026 12:19
Sources 1
About this happening:
**Fortinet** released **April 14** security updates for **FortiSandbox**, covering **CVE-2026-39813**, **CVE-2026-39808**, and **CVE-2026-25089**. The patch release fixes **three...
Fortinet security patch release for CVE-2026-39813
Security Patch ReleaseAbout this happening: **Fortinet** released **April 14** security updates for **FortiSandbox**, covering **CVE-2026-39813**, **CVE-2026-39808**, and **CVE-2026-25089**. The patch release fixes **three...
CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)
Advisory/Mitigation
H score38
First: 16.06.2026 08:41
Last: 16.06.2026 08:41
Sources 1
How related:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. government agencies three days to secure their servers against an actively exploited vulnerability (CVE-2026-54420) in the LiteSpeed cPanel user-end plugin.
About this happening:
CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...
CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)
Advisory/MitigationHow related: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. government agencies three days to secure their servers against an actively exploited vulnerability (CVE-2026-54420) in the LiteSpeed cPanel user-end plugin.
About this happening: CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...
Timeline
-
16.06.2026 13:47 1 articles · 23d ago
CISA orders agencies to patch actively exploited LiteSpeed cPanel plugin flaw
Legal Policy Action UpdateCISA added CVE-2026-48172/CVE-2026-54420 in the LiteSpeed cPanel user-end plugin to the Known Exploited Vulnerabilities Catalog and ordered Federal Civilian Executive Branch agencies to secure affected servers within three days under BOD 26-04. The affected plugin versions before 2.4.8 are described as actively exploited, with FTP or web shell access enabling root escalation on shared hosting servers running CloudLinux/CageFS.
Show sources
- CISA warns of another cPanel plugin flaw exploited in attacks — www.bleepingcomputer.com — 16.06.2026 13:47
-
27.05.2026 13:06 2 articles · 1mo ago
Initial report: LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)
Initial DisclosureLiteSpeed pushed an urgent patch for the **cPanel user-end plugin** after exploitation emerged for **CVE-2026-48172**. The update provides remediation for the vulnerable plugin bundled with the **WHM plugin**.
Show sources
- CISA gives feds 4 days to patch actively exploited cPanel plugin flaw — www.bleepingcomputer.com — 27.05.2026 13:06
- CISA gives feds 4 days to patch actively exploited cPanel plugin flaw — www.bleepingcomputer.com — 27.05.2026 13:06