CVE-2026-48172: LiteSpeed cPanel Plugin Privilege Escalation Vulnerability

Summary

A privilege escalation vulnerability (CVE-2026-48172) has been identified in the LiteSpeed cPanel Plugin. This flaw allows any cPanel user to execute arbitrary scripts with root privileges through the user-end plugin. Organizations are advised to apply vendor mitigations, adhere to BOD 22-01 guidance for cloud services, or cease using the product if mitigations are not feasible.

IFF Assessment

FOE

This vulnerability allows for privilege escalation, enabling attackers to gain root access and execute arbitrary code, which is detrimental to defenders' security posture.

Severity

8.0 High (AI Estimated)

The vulnerability allows privilege escalation via the user-end plugin, enabling arbitrary script execution with root privileges. Because the flaw is reachable by any cPanel user, the attack path is readily accessible and the impact on confidentiality, integrity, and availability is significant.

CISA KEV: Listed as actively exploited. Federal patch due: May 29, 2026. Known ransomware use: Unknown.

Defender Context

This vulnerability highlights the risk of privilege escalation within cPanel environments, a common infrastructure for web hosting. Defenders should prioritize patching or mitigating this issue promptly to prevent unauthorized root access and potential system compromise. Monitoring for suspicious script execution originating from user accounts on systems with this plugin is also recommended.
