CVE-2026-48172
Privilege Escalation in LiteSpeed User-End cPanel Plugin
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| litespeed_technologies | cpanel_plugin | to 2.4.5 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the LiteSpeed User-End cPanel Plugin versions before 2.4.5. It allows privilege escalation, potentially to root level, due to mishandling of Redis enable/disable features. This vulnerability has been exploited in the wild as of May 2026.
Detection involves running a command to search for the string "cpanel_jsonapi_func=redisAble" in specific cPanel log directories. If output is found, it indicates possible exploitation, and further investigation of IP addresses and system logs is recommended.
How can this vulnerability impact me? :
This vulnerability can lead to privilege escalation, possibly granting an attacker root-level access to the affected system. Such elevated privileges can allow unauthorized control over the server, potentially leading to data breaches, system compromise, or further exploitation.
If exploited, attackers may manipulate system configurations, access sensitive data, or disrupt services running on the server.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by running a command line search for the string "cpanel_jsonapi_func=redisAble" in the cPanel log directories.
- Use the following Bash command: grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null
If the command returns no output, it indicates that the system has not been exploited via this vulnerability. If there is output, examine the IP addresses found, verify their validity, and consider blocking any suspicious IPs. Additionally, review system logs for activities associated with those IP addresses to assess potential damage.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include examining any detected suspicious IP addresses from the detection command and blocking those that are not valid or authorized.
Additionally, review system logs for any unauthorized activity linked to those IP addresses to understand the extent of any compromise.
Since the vulnerability affects LiteSpeed User-End cPanel Plugin versions before 2.4.5, upgrading the plugin to version 2.4.5 or later is recommended to prevent exploitation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in LiteSpeed User-End cPanel Plugin before version 2.4.5 allows privilege escalation, potentially to root level, which can lead to unauthorized access and control over the affected system.
Such unauthorized privilege escalation can compromise the confidentiality, integrity, and availability of sensitive data, which are core requirements in compliance standards like GDPR and HIPAA.
If exploited, this vulnerability could result in data breaches or unauthorized data manipulation, thereby violating regulatory requirements for protecting personal and health information.
Therefore, organizations using affected versions of the plugin may face increased risk of non-compliance with these standards unless the vulnerability is mitigated.