CVE-2026-48172 in LiteSpeed cPanel plugin: exploited to execute scripts as root

Colleagues, a security alert: CVE-2026-48172 in the LiteSpeed cPanel plugin is being actively exploited.
What happened:
— Incorrect privilege assignment in lsws.redisAble allows scripts to run as root.
— Affected: versions 2.3–2.4.4; fixed in 2.4.5. Recommended update: cPanel plugin 2.4.7 and WHM 5.3.1.0.
How to check & mitigate:
— Indicator: grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null
— Temporarily remove the plugin: /usr/local/lsws/admin/misc/lscmctl cpanelplugin --uninstall
Why it matters: the flaw grants full server control and is already exploited.
What measures are you taking?
#cybersecurity #cPanel #LiteSpeed #infosec
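
An added example (not part of the original post or of LiteSpeed's tooling): the indicator check above, extended to count hits per file and to read gzip-rotated logs, which a plain grep -r does not decompress. The function name scan_indicator and the assumption that rotated logs end in .gz are mine.

```shell
#!/bin/sh
# Added example: count hits for the post's indicator string in plain and
# gzip-rotated log files. Assumption: rotated logs carry a .gz suffix.
INDICATOR='cpanel_jsonapi_func=redisAble'

# scan_indicator DIR...
#   Prints "<count> <file>" for every file containing the indicator,
#   then "TOTAL <n>". Returns 0 if at least one hit was found, 1 otherwise.
scan_indicator() {
    total=0
    list=$(mktemp) || return 2
    # Collect candidate files first so the counting loop runs in this shell.
    for dir in "$@"; do
        [ -d "$dir" ] || continue        # skip directories that do not exist
        find "$dir" -type f 2>/dev/null
    done > "$list"
    while IFS= read -r f; do
        case "$f" in
            *.gz) n=$(gzip -dc -- "$f" 2>/dev/null | grep -c -- "$INDICATOR") || true ;;
            *)    n=$(grep -c -- "$INDICATOR" "$f" 2>/dev/null) || true ;;
        esac
        n=${n:-0}                        # unreadable file: treat as zero hits
        if [ "$n" -gt 0 ]; then
            printf '%s %s\n' "$n" "$f"
            total=$((total + n))
        fi
    done < "$list"
    rm -f "$list"
    printf 'TOTAL %s\n' "$total"
    [ "$total" -gt 0 ]
}

# Run against the directories given on the command line, if any, e.g.
#   sh scan.sh /var/cpanel/logs /usr/local/cpanel/logs
if [ "$#" -gt 0 ]; then
    scan_indicator "$@" || echo "indicator not found"
fi
```

A non-zero TOTAL only shows that the redisAble function was requested; the matching lines still need review alongside the plugin version in use at the time.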