CVE-2026-31386
Analyzed Analyzed - Analysis Complete
OS Command Injection in OpenLiteSpeed and LSWS Enterprise

Publication date: 2026-03-16

Last updated on: 2026-06-08

Assigner: JPCERT/CC

Description
OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-06-08
Generated
2026-06-16
AI Q&A
2026-03-16
EPSS Evaluated
2026-06-14
NVD
CVE-2026-31386
EUVD
EUVD-2026-12333
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
litespeedtech litespeed_web_server to 6.3.5 (exc)
litespeedtech openlitespeed to 1.9.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-31386 is an OS command injection vulnerability found in OpenLiteSpeed and LSWS Enterprise web servers developed by LiteSpeed Technologies.

This vulnerability allows an attacker who already has administrative privileges to execute arbitrary operating system commands remotely on the affected server.

Mitigation Strategies

To mitigate CVE-2026-31386, it is recommended to restrict access to the WebAdmin console port by limiting connections only to trusted IP addresses.

This restriction reduces the risk of an attacker with administrative privileges remotely exploiting the OS command injection vulnerability.

Impact Analysis

An attacker exploiting this vulnerability can execute arbitrary OS commands with administrative privileges, potentially leading to full compromise of the affected server.

The impact includes high severity effects on confidentiality, integrity, and availability of the system, as indicated by the CVSS scores (v3.1 base score 8.6).

This could result in unauthorized data access, data modification, service disruption, or further attacks launched from the compromised server.

Compliance Impact

I don't know

Detection Guidance

The vulnerability CVE-2026-31386 is an OS command injection in OpenLiteSpeed and LSWS Enterprise web servers that requires administrative privileges to exploit. Detection involves monitoring for unusual or unauthorized command execution attempts on the WebAdmin console or server.

Since the vulnerability allows arbitrary OS command execution via the administrative interface, detection can include checking access logs for suspicious activity on the WebAdmin console port and monitoring for unexpected commands or processes spawned by the web server.

Specific commands to detect exploitation attempts are not provided in the available resources.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31386. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart