Critical LiteSpeed cPanel Flaw Exploited

A critical, actively exploited vulnerability in the LiteSpeed cPanel plugin allows attackers to gain root access and run scripts on servers.

A maximum-severity security flaw in the LiteSpeed User-End cPanel Plugin is being actively exploited by attackers. The vulnerability, identified as CVE-2026-48172, has received a critical CVSS score of 10.0. The core issue stems from an incorrect privilege assignment within the plugin, which allows any authenticated cPanel user, including a compromised account, to execute arbitrary scripts with root-level permissions. This effectively gives an attacker complete administrative control over the affected web server, bypassing standard security measures.

This vulnerability poses an immediate threat to web hosting providers, developers, and any organization using cPanel with the LiteSpeed plugin. Because cPanel is a widely used control panel, the potential attack surface is substantial. A successful exploit can lead to complete server compromise, data theft, website defacement, or the installation of persistent malware. The ability for any cPanel user to escalate privileges to root makes this a particularly dangerous threat for multi-tenant hosting environments, where a single compromised account can lead to a full system takeover. IT and security teams must treat this as a high-priority incident.

The vulnerability allows any cPanel user to gain full root control of a server, a critical risk for web hosting providers and their customers. Active exploitation means servers are at immediate risk of complete compromise, data theft, and operational disruption.

A successful exploit can lead to complete server takeovers, resulting in data breaches, service outages, and significant reputational damage. For hosting companies, this could mean loss of customer trust and potential liability for compromised client data.