CVE-2026-31386
OS Command Injection in OpenLiteSpeed and LSWS Enterprise
Publication date: 2026-03-16
Last updated on: 2026-03-16
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| litespeed_technologies | litespeed_web_server | * |
| litespeed_technologies | openlitespeed | * |
| litespeed_technologies | lsws_enterprise | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-31386 is an OS command injection vulnerability found in OpenLiteSpeed and LSWS Enterprise web servers developed by LiteSpeed Technologies.
This vulnerability allows an attacker who already has administrative privileges to execute arbitrary operating system commands remotely on the affected server.
What immediate steps should I take to mitigate this vulnerability?
To mitigate CVE-2026-31386, it is recommended to restrict access to the WebAdmin console port by limiting connections only to trusted IP addresses.
This restriction reduces the risk of an attacker with administrative privileges remotely exploiting the OS command injection vulnerability.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can execute arbitrary OS commands with administrative privileges, potentially leading to full compromise of the affected server.
The impact includes high severity effects on confidentiality, integrity, and availability of the system, as indicated by the CVSS scores (v3.1 base score 8.6).
This could result in unauthorized data access, data modification, service disruption, or further attacks launched from the compromised server.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability CVE-2026-31386 is an OS command injection in OpenLiteSpeed and LSWS Enterprise web servers that requires administrative privileges to exploit. Detection involves monitoring for unusual or unauthorized command execution attempts on the WebAdmin console or server.
Since the vulnerability allows arbitrary OS command execution via the administrative interface, detection can include checking access logs for suspicious activity on the WebAdmin console port and monitoring for unexpected commands or processes spawned by the web server.
Specific commands to detect exploitation attempts are not provided in the available resources.