CISA Warns of Exploited LiteSpeed cPanel Plugin Flaw
ID: 60f495c6-7453-5c53-9b66-b58eec7bb23a
STIX ID: report--60f495c6-7453-5c53-9b66-b58eec7bb23a
Feed Name: Cyber Press
A critical privilege-escalation vulnerability (CVE-2026-48172, CVSS v4.0: 10.0) in the LiteSpeed User-End cPanel Plugin (versions 2.3 through 2.4.4) allows any authenticated cPanel user to reach backend operations executed as root, enabling full server takeover. Active exploitation was confirmed in May 2026. CISA added the flaw to its Known Exploited Vulnerabilities catalog with a May 29, 2026 remediation deadline, and vendors released patches (User-End v2.4.7 / WHM v5.3.1.0). The report includes a Tenable-recommended detection grep and mitigation steps (patch, IP restrictions, credential rotation).
