
A maximum-severity security vulnerability impacting the LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild.
The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), is a case of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts with elevated permissions.
“Any cPanel user (including an attacker or a compromised account) could exploit the lsws.redisAble function to execute arbitrary scripts as root,” LiteSpeed said.
The vulnerability impacts all versions of the plugin between 2.3 and 2.4.4. LiteSpeed’s WHM plugin is not impacted. The issue has been addressed in version 2.4.5. Security researcher David Strydom has been credited with discovering and reporting the flaw.
LiteSpeed noted that the “vulnerability is being actively exploited,” but refrained from sharing more details. It has provided the following indicator of compromise:
grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null
If running the aforementioned “grep” command doesn’t produce any output, the server is not affected. However, if there is any output, users are advised to examine the IP addresses in the list and determine if they’re legitimate, and if not, block them.
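To support the triage step above, the following added example (not from LiteSpeed or the original article) groups matching log lines by source IP and user, and lists the IPs that are not on a known-good list. It assumes matching lines are in access-log style with the client IP in field 1 and the user in field 3; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not LiteSpeed's code): group IoC hits by client IP and user.
# Assumption: matching lines are access-log style, with the client IP in
# field 1 and the authenticated user in field 3. Verify on a raw line first.

IOC='cpanel_jsonapi_func=redisAble'   # indicator string from the advisory

# summarise_hits DIR...  ->  "count ip user", busiest source first
summarise_hits() {
    grep -rhE "$IOC" "$@" 2>/dev/null |
        awk '{ n[$1 " " $3]++ } END { for (k in n) print n[k], k }' |
        sort -k1,1nr -k2,2
}

# unknown_ips ALLOWFILE DIR...  ->  source IPs with hits that are not listed
# in ALLOWFILE (one known-good IP per line, at least one entry)
unknown_ips() {
    allow=$1; shift
    summarise_hits "$@" | awk '{ print $2 }' | sort -u |
        grep -vxFf "$allow" || true
}

# make_sample DIR: write constructed log lines (documentation-range IPs)
make_sample() {
    mkdir -p "$1"
    cat > "$1/access_log" <<'EOF'
203.0.113.7 - alice [01/Jan/2026:10:00:00 +0000] "GET /json-api/cpanel?cpanel_jsonapi_func=redisAble HTTP/1.1" 200 0
203.0.113.7 - alice [01/Jan/2026:10:00:05 +0000] "GET /json-api/cpanel?cpanel_jsonapi_func=redisAble HTTP/1.1" 200 0
198.51.100.20 - bob [01/Jan/2026:11:30:00 +0000] "GET /json-api/cpanel?cpanel_jsonapi_func=redisAble HTTP/1.1" 200 0
192.0.2.5 - carol [01/Jan/2026:12:00:00 +0000] "GET /frontend/index.html HTTP/1.1" 200 0
EOF
}

# Usage: pass the same log directories as the grep command above.
if [ "$#" -gt 0 ]; then
    summarise_hits "$@"
fi
```

Any hit means the function was called on that server, so an IP appearing on the known-good list still warrants a look at which account made the request.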
Following a security review of its cPanel and WHM plugins in the wake of the vulnerability, LiteSpeed said it has patched additional potential attack vectors in both plugins and released cPanel plugin version 2.4.7 as part of WHM plugin version 5.3.1.0.
Users are advised to upgrade to LiteSpeed WHM Plugin version 5.3.1.0, which is bundled with cPanel plugin v2.4.7 or higher, to patch the vulnerability. If immediate patching is not an option, it is recommended to remove the user-end plugin by running the command below:
/usr/local/lsws/admin/misc/lscmctl cpanelplugin --uninstall
The development comes weeks after a critical cPanel vulnerability (CVE-2026-41940, CVSS score: 9.8) was identified as actively exploited by unknown threat actors to deploy Mirai botnet variants and a ransomware strain called Sorry.

