PT-2026-42359 · Cpanel · Litespeed User-End Cpanel Plugin
CVSS v4.0
10
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions
LiteSpeed User-End cPanel Plugin versions prior to 2.4.5
Description
An issue in the mishandling of Redis enable/disable features, specifically within the
lsws.redisAble function, allows for incorrect privilege assignment. This flaw enables an unauthenticated remote attacker to escalate privileges, potentially to root, and execute arbitrary scripts or code on the server. The issue was actively exploited in the wild in May 2026, with reports indicating it was used in mass campaigns targeting shared hosting at a global scale.Recommendations
Update LiteSpeed User-End cPanel Plugin to version 2.4.7 or later.
Uninstall the plugin to mitigate risks.
As a temporary measure, use the command
grep -rE "cpanel jsonapi func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash to detect exploitation; if output is found, block the identified invalid IP addresses and examine system logs to determine the extent of the damage.Fix
RCE
LPE
Incorrect Privilege Assignment
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Litespeed User-End Cpanel Plugin