← back
CVE-2026-48172

CVE-2026-48172

CVSS 10 CRITICALEPSS 18.9%● KEVCWE-266
In short

LiteSpeed's cPanel plugin before version 2.4.5 has a critical flaw that lets attackers gain root-level control over a server. This vulnerability was actively exploited in May 2026 and affects how the plugin manages Redis settings.

Technical detail

CVE-2026-48172 is a privilege escalation vulnerability in LiteSpeed User-End cPanel Plugin (CWE-266) caused by improper handling of Redis enable/disable functionality. An attacker can exploit this to escalate privileges to root level; detection involves searching logs for 'cpanel_jsonapi_func=redisAble' patterns. Upgrade to version 2.4.7 or later to remediate.

Summary generated and translated by AI from the official description.
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash. If you get no output, you have not been hit with exploitation of the vulnerability. If there is output, we recommend you examine the IP addresses in the list, determine if they are valid IP addresses, and if not, block them. To determine damage done, examine the system logs for use by the detected IP addresses. The issue is related to mishandling of Redis enable/disable features. The recommended minimum version is 2.4.7.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected products
LiteSpeed Technologies · cPanel PluginLiteSpeed Technologies · WHM Plugin
public PoCs found3
githubgithub.com/HORKimhab/CVE-2026-481721githubgithub.com/retmakarunia/CVE-2026-481720githubgithub.com/fevar54/CVE-2026-48172---LiteSpeed-cPanel-Plugin-Version-Auditor0
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48172https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/cpanelhttps://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/release-log