CISA Demands Urgent Fix for Exploited LiteSpeed Flaw

CISA Demands Urgent Fix for Exploited LiteSpeed Flaw

Posted on By CWS

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent call to federal agencies to address a critical vulnerability in the LiteSpeed user-end plugin for cPanel. This flaw has been actively exploited, posing significant risks to systems.

Critical Vulnerability Identified

Identified as CVE-2026-48172, the vulnerability has received a CVSS score of 9.8, highlighting its severe impact. The issue allows unauthorized privilege escalation, enabling attackers to execute scripts with root access. Although LiteSpeed has released a fix in version 2.4.5, the flaw remains a concern due to its continued exploitation in the wild.

Importantly, the LiteSpeed WHM plugin is not affected by this flaw. However, all user-end plugin versions between 2.3 and 2.4.4 are vulnerable.

Immediate Actions Recommended

LiteSpeed has urged users to inspect server IPs for unusual activity and advised immediate patching. If patches cannot be applied, complete removal of the plugin is recommended. The company also provided guidelines for checking system logs to identify potential breaches.

To mitigate the risk, users should upgrade to LiteSpeed WHM Plugin version 5.3.1.0, which includes the user-end plugin version 2.4.7 or higher, where patches for the vulnerability are available.

CISA’s Directive and Broader Implications

In line with Binding Operational Directive (BOD) 22-01, CISA has included CVE-2026-48172 in its Known Exploited Vulnerabilities catalog. Federal bodies are instructed to address or remove the vulnerable plugin versions by May 29 to prevent unauthorized root access incidents.

This situation underscores the ongoing challenge of zero-day vulnerabilities and the critical need for timely updates in cybersecurity protocols. Related incidents, such as the exploitation of KnowledgeDeliver zero-day and Ghost CMS vulnerabilities, emphasize the growing trend of vulnerability exploitation as a major breach vector.

As cybersecurity threats evolve, proactive measures and swift action remain essential to safeguarding digital infrastructures.

Security Week News Tags:, , , , , , , , , , , ,

Related Posts

Critical Chrome Vulnerability Earns Researcher ,000 Critical Chrome Vulnerability Earns Researcher $43,000 Security Week News
Chinese Spies Impersonated US Lawmaker to Deliver Malware to Trade Groups: Report  Chinese Spies Impersonated US Lawmaker to Deliver Malware to Trade Groups: Report  Security Week News
Exploited Rockwell Vulnerability in ICS Revealed Exploited Rockwell Vulnerability in ICS Revealed Security Week News
Cisco Patches Critical Vulnerabilities in Contact Center Appliance Cisco Patches Critical Vulnerabilities in Contact Center Appliance Security Week News
GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets Security Week News
Help Desk at Risk: Scattered Spider Shines Light on Overlook Threat Vector Help Desk at Risk: Scattered Spider Shines Light on Overlook Threat Vector Security Week News