LiteSpeed User-End cPanel Plugin privilege escalation vulnerability (CVE-2026-48172)

May 22, 2026 Duncan 530 Views 0 Comments CVE-2026-48172, Cyber Security, Privilege Escalation Vulnerability 0 min read

CVE number – CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026.

Detection is best done via a command line of grep -rE “cpanel_jsonapi_func=redisAble” /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash.

If you get no output, you have not been hit with exploitation of the vulnerability. If there is output, we recommend you examine the IP addresses in the list, determine if they are valid IP addresses, and if not, block them.

To determine damage done, examine the system logs for use by the detected IP addresses.

The issue is related to mishandling of Redis enable/disable features.

The recommended minimum version is 2.4.7.

Duncan

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

LiteSpeed User-End cPanel Plugin privilege escalation vulnerability (CVE-2026-48172)

Like this:

Related Posts

Leave a ReplyCancel reply

Share this:

Like this:

Related Posts

Leave a ReplyCancel reply