CVE-2026-48172: LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild i

Description

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. LiteSpeed WHM Plugin (the parent plugin) is unaffected. Detection is best done via a command line of grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash. If you get no output, you have not been hit with exploitation of the vulnerability. If there is output, we recommend you examine the IP addresses in the list, determine if they are valid IP addresses, and if not, block them. To determine damage done, examine the system logs for use by the detected IP addresses. The issue is related to mishandling of Redis enable/disable features.

Affected Products

Vendor	Product	Versions
litespeed	cpanel plugin	2.3

References

Related News (1 articles)

Tier C

VulDB10h ago

CVE-2026-48172 | LiteSpeed User-End cPanel Plugin up to 2.4.4 /var/cpanel/logs cpanel_jsonapi_func privileges assignment

→ No new info (linked only)

CISA KEV✅ Yes

Actively exploited✅ Yes

Patch available

2.4.5

CWECWE-266

PublishedMay 21, 2026

Last enriched10h agov2

Trending Score99

Source articles1

Independent1

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (1)

Version History

Last enriched 10h ago

v2Tier C10h ago

Updated description with new technical details, changed severity to HIGH, marked as actively exploited, and noted that no exploit is available.

descriptionaffectedVersionsseverityactivelyExploited

via VulDB

v113h ago

Initial creation