BeyondMachines for BeyondMachines

Originally published at beyondmachines.net

LiteSpeed cPanel Plugin Zero-Day Exploited for Root Access

Summary

LiteSpeed Technologies patched a critical, actively exploited vulnerability (CVE-2026-48172, CVSS 10.0) in its cPanel plugin that allows any user to run scripts with root privileges. Attackers are currently using this flaw to gain full control over web hosting servers.

Take Action:

If you use LiteSpeed on cPanel, immediately upgrade to LiteSpeed WHM Plugin version 5.3.1.0 (which includes the patched cPanel plugin v2.4.7). If you can't update right away, temporarily uninstall the user-end plugin to prevent a complete server takeover. Run the command grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null to search the cPanel logs for requests containing that string, block suspicious IPs, and audit your system.
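The grep command above prints raw matching lines. This added example (not from the original article or from LiteSpeed) groups the matches by client address so the sources can be reviewed before blocking. It assumes each matching log line begins with the client IP, as in an Apache-style access log; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count hits for the advisory's indicator per client IP.
# Assumption: matching lines start with the client IP (Apache-style access log).
# Compressed (rotated) logs are not searched.

INDICATOR='cpanel_jsonapi_func=redisAble'   # string from the advisory's grep command

# Print "<hits> <client-ip>" for every source whose request contains the
# indicator, most active first. Arguments: log files or directories.
redisable_hits_by_ip() {
    grep -rhF -- "$INDICATOR" "$@" 2>/dev/null |
        awk '{ hits[$1]++ } END { for (ip in hits) print hits[ip], ip }' |
        sort -k1,1nr -k2,2
}

# Write a small CONSTRUCTED log (documentation-range IPs, placeholder paths)
# into a temporary directory and print that directory's path.
make_sample_logs() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/access_log" <<'EOF'
198.51.100.7 - alice [01/Jan/2026:10:00:01 +0000] "GET /example-path?cpanel_jsonapi_func=redisAble HTTP/1.1" 200 0
198.51.100.7 - alice [01/Jan/2026:10:00:05 +0000] "GET /example-path?cpanel_jsonapi_func=redisAble HTTP/1.1" 200 0
203.0.113.20 - bob [01/Jan/2026:10:02:00 +0000] "GET /example-path?cpanel_jsonapi_func=redisAble HTTP/1.1" 200 0
192.0.2.15 - carol [01/Jan/2026:10:03:00 +0000] "GET /example-path/index.html HTTP/1.1" 200 512
EOF
    printf '%s\n' "$dir"
}

# Offline demonstration on the constructed log.
sample=$(make_sample_logs) && redisable_hits_by_ip "$sample" && rm -rf "$sample"

# On a server, pass the log locations named in the advisory:
#   redisable_hits_by_ip /var/cpanel/logs /usr/local/cpanel/logs/
```

No output means no matching request was found in the uncompressed logs that were searched.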

