Critical LiteSpeed cPanel Plugin Flaw Added to Active Exploit List

The US Cybersecurity and Infrastructure Security Agency (CISA) has identified a new actively exploited vulnerability in the LiteSpeed cPanel Plugin (CVE-2026-48172) that allows privilege escalation. The flaw has been added to CISA's Known Exploited Vulnerabilities Catalog, which tracks security weaknesses actively used by cyber criminals. While CISA's mandatory patching directive applies only to US federal agencies, the organization urges all businesses and organizations to prioritize fixing such vulnerabilities immediately. Privilege escalation flaws are commonly exploited by attackers to gain unauthorized system access. Organizations should review their systems and apply available patches promptly to prevent exploitation. Source: CISA.