
The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a critical vulnerability in the LiteSpeed cPanel plugin that is being actively exploited in attacks.
The flaw, tracked as CVE-2026-48172, affects the LiteSpeed cPanel user-end plugin and can allow attackers to execute arbitrary scripts with root privileges due to an improper privilege assignment issue.
On Tuesday, CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and gave federal agencies until May 29 to secure affected systems under Binding Operational Directive 22-01.
LiteSpeed warned that the vulnerability impacts plugin versions between 2.3 and 2.4.4 and confirmed that exploitation attempts are already occurring in the wild. The company released emergency security updates and urged administrators to update immediately.
According to the vendor, attackers can abuse the flaw through the plugin’s Redis management functionality to run malicious scripts with elevated privileges, potentially leading to full server compromise.
LiteSpeed also published guidance for administrators to check server logs for indicators of compromise and block suspicious IP addresses associated with exploitation attempts.
While the directive only applies to US federal agencies, CISA urged all organizations using the affected plugin to prioritize patching due to the ongoing attacks.
The warning follows previous large-scale attacks targeting cPanel infrastructure. Earlier this year, researchers reported a campaign that compromised more than 44,000 cPanel servers worldwide through credential theft and automated exploitation activity, highlighting the continued interest of threat actors in hosting management platforms.
cPanel and WHM are widely used web hosting management platforms powering millions of websites worldwide. Vulnerabilities affecting hosting control panels are often heavily targeted because successful exploitation can provide attackers with broad access to hosted websites, databases, and administrative systems.






