LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
Summary
A critical vulnerability, CVE-2026-48172, in the LiteSpeed User-End cPanel Plugin is actively being exploited. The flaw allows attackers to execute arbitrary scripts with root privileges by exploiting an incorrect privilege assignment.
IFF Assessment
This vulnerability allows attackers to gain elevated privileges and execute arbitrary code, posing a significant risk to systems and data.
Severity
The vulnerability has a maximum severity score of 10.0 due to its ability to allow an attacker to run arbitrary scripts with root privileges, indicating a critical level of impact and exploitability.
Defender Context
This active exploitation of a critical vulnerability highlights the immediate need for administrators to patch or update the LiteSpeed User-End cPanel Plugin. Defenders should monitor systems for signs of unauthorized script execution or privilege escalation attempts related to this plugin.