CISA gives feds 4 days to patch actively exploited cPanel plugin flaw

A critical privilege-escalation flaw (CVE-2026-48172) in the LiteSpeed cPanel user plugin allows unauthenticated attackers to execute arbitrary scripts as root; the bug (lsws.redisAble incorrect privilege handling) is being actively exploited, LiteSpeed released urgent updates, and CISA ordered U.S. federal agencies to patch immediately while providing detection and mitigation guidance.