CRITICAL
LiteSpeed Technologies
CVE published 2026-05-21
CVE-2026-48172
CVE-2026-48172 is a critical flaw in the LiteSpeed User-End cPanel Plugin before 2.4.5 that may allow privilege escalation, potentially to root. The supplied record says it was exploited in the wild in May 2026. LiteSpeed’s parent WHM plugin is described as unaffected. For exposed cPanel environments, this should be treated as an urgent patch-and-investigate issue.