Critical Security Alert: Patch LiteSpeed cPanel Plugin Immediately
Federal Agencies Urged to Patch Critical Vulnerability in LiteSpeed cPanel Plugin
The United States Computer Emergency Readiness Team (CERT) has issued an advisory urging federal agencies to promptly address a severe vulnerability in the LiteSpeed user-end plugin for cPanel. The flaw, tracked as CVE-2026-48172, allows an attacker to escalate privileges and execute arbitrary scripts with root permissions. This issue has been actively exploited in the wild as a zero-day.
LiteSpeed Resolves Security Defect
LiteSpeed resolved the security defect in version 2.4.5 of the user-end plugin and emphasized that the vulnerability affects all user-end plugin versions between v2.3 and v2.4.4. The company has provided instructions on how to identify affected systems and recommended immediate action to prevent exploitation.
cPanel Takes Action
On May 19, cPanel addressed the issue by pushing a nightly update that removed the LiteSpeed user-end plugin for all cPanel versions. The exploited CVE allowed unauthorized root access to the server.
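For triaging a fleet against the version range given above, the following is an added example, not code from LiteSpeed, cPanel or the advisory. It assumes you have already collected each host's user-end plugin version into "hostname version" lines (with "-" where the plugin is absent); how the version is read from a server is not covered on this page, and the hostnames and versions are constructed.

```python
import re

# Affected range and fixed release as stated in the article above.
FIRST_AFFECTED, LAST_AFFECTED, FIXED = (2, 3, 0), (2, 4, 4), (2, 4, 5)

def parse_version(text):
    """Return (major, minor, patch), or None if text is not a plain version."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    return tuple(int(part or 0) for part in m.groups())

def classify(version_text):
    """Map a reported plugin version to a triage status."""
    if version_text.strip() in ("", "-"):
        return "absent"          # not installed, or already removed
    version = parse_version(version_text)
    if version is None:
        return "review"          # unparseable: check the host by hand
    if FIRST_AFFECTED <= version <= LAST_AFFECTED:
        return "affected"
    if version >= FIXED:
        return "fixed"
    return "outside-range"       # older than v2.3

def triage(inventory_text):
    """Group hosts by status from 'hostname version' lines."""
    report = {}
    for line in inventory_text.splitlines():
        host, _, version = line.strip().partition(" ")
        if host:
            report.setdefault(classify(version), []).append(host)
    return report

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """\
web01.example.test v2.4.4
web02.example.test 2.4.5
web03.example.test 2.3
web04.example.test -
web05.example.test 2.2.9
web06.example.test 2.4.10
web07.example.test unknown
"""

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status:14} {', '.join(hosts)}")
```

Versions are compared as integer tuples, so 2.4.10 sorts after 2.4.4 and is reported as fixed; a plain string comparison would wrongly place it inside the affected range.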
Additional Advisories and Updates
In response to the vulnerability, several prominent companies have released advisories and updates. For instance, the popular web hosting service, 7-Eleven, has announced a data breach affecting over 185,000 customers. Meanwhile, Iranian state-sponsored hackers have targeted aviation and software companies using updated tools.
