CISA adds LiteSpeed cPanel Plugin vulnerability (CVE-2026-48172) to Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical LiteSpeed cPanel Plugin flaw, CVE-2026-48172, to its Known Exploited Vulnerabilities catalog. This vulnerability, with a CVSS score of 10.0, affects versions prior to 2.4.5 and allows privilege escalation, potentially to root, due to improper handling of Redis enable/disable functions. LiteSpeed has released emergency patches, and users are advised to update immediately to at least version 2.4.7.
Context
CISA's catalog serves as a resource for identifying vulnerabilities that are actively being exploited in the wild. The LiteSpeed cPanel Plugin flaw affects versions prior to 2.4.5 and is linked to improper handling of Redis functions. LiteSpeed has acknowledged the issue and released emergency patches to mitigate the risk.
Why it matters
The addition of CVE-2026-48172 to CISA's Known Exploited Vulnerabilities catalog highlights a significant security risk for users of the LiteSpeed cPanel Plugin. With a CVSS score of 10.0, this vulnerability poses a high threat level, making it critical for organizations to address it promptly. Failure to update could lead to severe consequences, including unauthorized access and control over affected systems.
Implications
If left unaddressed, this vulnerability could lead to widespread privilege escalation, affecting numerous organizations that rely on the LiteSpeed cPanel Plugin. The potential for unauthorized access may compromise sensitive data and disrupt operations. Organizations, especially those in critical infrastructure sectors, must act swiftly to safeguard their systems.
What to watch
Users of the LiteSpeed cPanel Plugin should prioritize updating to version 2.4.7 or later to protect against this vulnerability. Monitoring for any reports of exploitation in the wild will be crucial in assessing the impact of this flaw. Additionally, organizations should review their security protocols to ensure timely application of updates.
Open NewsSnap.ai for the full app experience, including audio, personalization, and more news tools.