CVE-2026-48172 — LiteSpeed User-End cPanel plugin: authenticated cPanel user to root, actively exploited
Part of run 2026-W21-473d6fa5 (weekly · Claude Opus 4.7)
CVE-2026-48172 (CWE-266 incorrect privilege assignment, CVSS 10.0) in the LiteSpeed User-End cPanel plugin versions 2.3–2.4.4 lets an authenticated cPanel user escalate to root via the lsws.redisAble path, and is actively exploited. Shared-hosting and managed-WordPress estates running cPanel + LiteSpeed are the exposed population — a single low-privilege hosting account becomes root on the node. Patch to the vendor-recommended build (LiteSpeed advises 2.4.7 / WHM plugin 5.3.1.0) immediately and audit for unexpected root-level cron or service modifications on affected nodes.
“CVE-2026-48172 (CWE-266 incorrect privilege assignment, CVSS 10.0) in the LiteSpeed User-End cPanel plugin versions 2.3–2.4.4 lets an authenticated cPanel user escalate to root via the lsws.redisAble path, and is actively exploited.” — ctipilot v2 brief (migrated)
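A triage sketch for the two actions the brief recommends, checking the plugin version against the stated ranges and listing recently changed root-level cron and service files. This is an added example, not code from the brief or from LiteSpeed. It assumes the operator supplies the installed plugin version (the brief does not say how to read it), and the default paths are standard Linux cron and systemd locations, not indicators taken from the brief.

```shell
#!/bin/sh
# Added example: triage helper for cPanel + LiteSpeed nodes (CVE-2026-48172).
# Version boundaries come from the brief: affected 2.3 to 2.4.4, advised 2.4.7.

# version_le A B: succeeds when version A <= version B (relies on `sort -V`).
version_le() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# classify_plugin_version VER: prints one of
#   affected | advised-or-newer | outside-stated-range
classify_plugin_version() {
  if version_le 2.3 "$1" && version_le "$1" 2.4.4; then
    echo affected
  elif version_le 2.4.7 "$1"; then
    echo advised-or-newer
  else
    # Not in the range the brief lists, but not the advised build either.
    echo outside-stated-range
  fi
}

# recent_root_changes DAYS [PATH...]: long-list regular files modified in the
# last DAYS days under the given paths. With no paths, falls back to common
# root-level cron and systemd locations (assumed defaults, adjust per distro).
recent_root_changes() {
  days="$1"; shift
  if [ "$#" -eq 0 ]; then
    set -- /etc/crontab /etc/cron.d /etc/cron.hourly /etc/cron.daily \
           /var/spool/cron/root /etc/systemd/system
  fi
  for path in "$@"; do
    [ -e "$path" ] || continue
    # ls -ld shows owner, mtime and path for each hit; review each by hand.
    find "$path" -type f -mtime "-$days" -exec ls -ld {} + 2>/dev/null
  done
}

# Script usage: ./triage.sh <plugin-version> [days]   (run as root on the node)
if [ "$#" -ge 1 ]; then
  echo "plugin $1: $(classify_plugin_version "$1")"
  recent_root_changes "${2:-14}"
fi
```

A recent modification time is only a lead: compare each listed file against configuration management or backups before treating it as unexpected.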