CISA Adds One Known Exploited Vulnerability to Catalog
Summary
CISA has added CVE-2026-48172, a privilege escalation vulnerability in the LiteSpeed cPanel Plugin, to its Known Exploited Vulnerabilities (KEV) Catalog. This addition is based on evidence of active exploitation, highlighting it as a significant risk to the federal enterprise.
IFF Assessment
The inclusion of a new vulnerability in CISA's KEV Catalog signifies an active exploitation and potential threat to organizations, making it bad news for defenders.
Severity
CISA KEV: Listed as actively exploited. Federal patch due: May 29, 2026. Known ransomware use: Unknown.
Defender Context
Defenders should prioritize patching CVE-2026-48172 immediately, especially if they utilize LiteSpeed cPanel Plugin. Its inclusion in the KEV catalog indicates active exploitation, meaning attackers may already be leveraging this flaw.