CVE-2026-48172 LiteSpeed Technologies CVE debrief

Who should care

cPanel and WHM administrators, managed hosting providers, and security teams responsible for servers running LiteSpeed User-End cPanel Plugin versions before 2.4.5.

Technical summary

The supplied NVD record maps this issue to CWE-266 and gives it a CVSS 4.0 score of 10.0 with network access, no privileges, and no user interaction required, and high impact across confidentiality, integrity, and availability. The vulnerability description attributes the problem to mishandling of Redis enable/disable features in the User-End cPanel Plugin. The description also states that the LiteSpeed WHM Plugin, the parent plugin, is unaffected.

Defensive priority

Immediate. This is a critical, network-reachable privilege-escalation issue with reported in-the-wild exploitation.

Recommended defensive actions

• Upgrade LiteSpeed User-End cPanel Plugin to version 2.4.5 or later.
• Search cPanel logs for the vendor-provided indicator: grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null.
• For any matches, validate the source IP addresses, block clearly invalid or hostile sources, and correlate the timestamps with system logs to understand what was accessed or changed.
• Review affected systems for unauthorized changes or other signs of compromise, and follow your incident response process if abuse is confirmed.

Evidence notes

All core claims in this debrief come from the supplied CVE description and NVD metadata: the affected component, version boundary before 2.4.5, reported exploitation in May 2026, the unaffected parent WHM plugin, the detection grep command, the CVSS 4.0 score, and the CWE-266 mapping. The NVD record also lists LiteSpeedTech cPanel/support and release-log references as official vendor sources.

Official resources