Briefing

CVE-2026-48172: LiteSpeed User‑End cPanel Plugin Privilege Escalation Under Active Exploitation

security
by The Hacker News · CVE-2026-48172

Patch: Update the LiteSpeed User‑End cPanel Plugin to the latest patched version to eliminate CVE‑2026‑48172 before exploitation.

What to do now

Patch: Update the LiteSpeed User‑End cPanel Plugin to the latest patched version immediately.

Summary

LiteSpeed has disclosed a critical vulnerability, CVE‑2026‑48172, affecting its User‑End cPanel Plugin. The flaw, rated CVSS 10.0, results from incorrect privilege assignment that allows attackers to execute arbitrary scripts with elevated permissions. Active exploitation has already been observed in the wild, meaning attackers can gain full control over affected cPanel accounts. The vulnerability impacts all installations of the LiteSpeed User‑End plugin, regardless of version. The flaw can be leveraged to bypass authentication and run malicious code on the server. Administrators should immediately apply the latest plugin update that patches the privilege escalation. Failure to patch could lead to complete server compromise and data loss. The issue underscores the importance of keeping cPanel plugins up to date and monitoring for suspicious script execution.

Key changes

  • CVE‑2026‑48172 is a privilege‑escalation flaw in LiteSpeed User‑End cPanel Plugin
  • CVSS score 10.0 indicates maximum severity
  • Attackers can execute arbitrary scripts with elevated permissions
  • Active exploitation observed in the wild
  • Affects all installations of the plugin, regardless of version
  • Patch available in the latest plugin update
  • Failure to patch can lead to full server compromise
  • Administrators must update immediately

Affects

wp-customers enterprise
