CISA Warns of LiteSpeed cPanel Plugin Vulnerability Exploited in Attacks

CISA has issued an urgent warning for CVE-2026-48172, a critical privilege-escalation vulnerability in the LiteSpeed cPanel plugin that is being actively exploited; authenticated cPanel users can gain root-level script execution. The flaw was added to CISA’s KEV catalog with a remediation deadline, and organizations are advised to apply patches, restrict permissions, enhance monitoring, or disable the plugin to mitigate the high risk to multi-tenant hosting and cloud environments.