David Strydom

#22919 of 53,633
Total CVSS: 10
Vulnerabilities · 1

PT-2026-42359 · 10 · 2026-05-21
cPanel · LiteSpeed User-End cPanel Plugin · CVE-2026-48172

**Name of the Vulnerable Software and Affected Versions**

LiteSpeed User-End cPanel Plugin versions prior to 2.4.5

**Description**

Mishandling of the Redis enable/disable features, specifically within the `lsws.redisAble` function, allows for incorrect privilege assignment. This flaw enables an unauthenticated remote attacker to escalate privileges, potentially to root, and execute arbitrary scripts or code on the server. The issue was actively exploited in the wild in May 2026, with reports indicating it was used in mass campaigns targeting shared hosting at a global scale.

**Recommendations**

Update LiteSpeed User-End cPanel Plugin to version 2.4.7 or later.

Uninstall the plugin to mitigate risks.

As a temporary measure, use the command `grep -rE "cpanel jsonapi func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null` in Bash to detect exploitation; if output is found, block the identified invalid IP addresses and examine system logs to determine the extent of the damage.