PatchSiren

LiteSpeed Technologies CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited LiteSpeed Technologies CVE published 2026-06-15

CVE-2026-54420

CVE-2026-54420 is a HIGH severity vulnerability in LiteSpeed cPanel plugin before 2.4.8, as distributed in LiteSpeed WHM PlugIn before 5.3.2.0. The vulnerability occurs due to mishandling of symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS. This issue was exploited in the wild in May 2026. The CVSS score for this vulnerability is 8.5.

Known exploited LiteSpeed Technologies CVE published 2026-05-26

CVE-2026-48172

CVE-2026-48172 is a critical flaw in the LiteSpeed User-End cPanel Plugin before 2.4.5 that may allow privilege escalation, potentially to root. The supplied record says it was exploited in the wild in May 2026. LiteSpeed’s parent WHM plugin is described as unaffected. For exposed cPanel environments, this should be treated as an urgent patch-and-investigate issue.

HIGH LiteSpeed Technologies CVE published 2026-03-16

CVE-2026-31386

CVE-2026-31386 is an OS command injection vulnerability in OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies. An attacker with administrative privilege can execute an arbitrary OS command.