CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day

securityweek.com·May 27, 2026

CISA has urged federal agencies to urgently patch a critical vulnerability in the LiteSpeed user-end plugin for cPanel, tracked as CVE-2026-48172, which allows attackers to execute arbitrary scripts with root privileges. The flaw has been actively exploited, and users are advised to upgrade to the patched version or remove the vulnerable plugin to mitigate risks.

The critical vulnerability CVE-2026-48172 in the LiteSpeed user-end plugin for cPanel, with a CVSS score of 9.8, is actively exploited and allows privilege escalation. CISA recommends immediate patching or removal of the plugin to prevent unauthorized root access. Ensure all systems are updated to the latest version (2.4.7) or completely remove the plugin if patching isn't feasible.

Want more content like this?

twixb tracks your favorite blogs and social media, filters by keywords, and delivers personalized key learnings — straight to your inbox.

Create Your Own →Explore Newsfeeds

More from Cybersecurity News

Recent stories curated alongside this one.

Browse all Cybersecurity News →

CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day

Want more content like this?

More from Cybersecurity News

[Virtual Event] Anatomy of a Data Breach: What to Do if it Happens to You

Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

Red Hat npm packages compromised to steal developer credentials

Spain arrests doxer leaking sensitive data of govt employees

WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites