PT-2026-42359 · Cpanel · Litespeed User-End Cpanel Plugin

·

CVE-2026-48172

·

Published

2026-05-21

·

Updated

2026-06-17

CVSS v4.0

10

Critical

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions LiteSpeed User-End cPanel Plugin versions prior to 2.4.5
Description An issue in the mishandling of Redis enable/disable features, specifically within the lsws.redisAble function, allows for incorrect privilege assignment. This flaw enables an unauthenticated remote attacker to escalate privileges, potentially to root, and execute arbitrary scripts or code on the server. The issue was actively exploited in the wild in May 2026, with reports indicating it was used in mass campaigns targeting shared hosting at a global scale.
Recommendations Update LiteSpeed User-End cPanel Plugin to version 2.4.7 or later. Uninstall the plugin to mitigate risks. As a temporary measure, use the command grep -rE "cpanel jsonapi func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash to detect exploitation; if output is found, block the identified invalid IP addresses and examine system logs to determine the extent of the damage.

Fix

RCE

LPE

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-48172

Affected Products

Litespeed User-End Cpanel Plugin