LiteSpeed cPanel Plugin Flaw Exploited to Run Scripts as Root
A security flaw in the LiteSpeed cPanel Plugin is being exploited, allowing attackers to run scripts with elevated permissions on affected systems.
The vulnerability, tracked as CVE-2026-48172, involves incorrect privilege assignment within the plugin. According to The Hacker News, any cPanel user — including an attacker or a compromised account — can abuse the flaw to execute scripts with root-level privileges.
The issue impacts the LiteSpeed cPanel Plugin, which integrates LiteSpeed's web server functionality with cPanel's hosting management interface.
LiteSpeed cPanel Plugin 漏洞遭利用以 Root 權限執行 Script
LiteSpeed cPanel Plugin 中一個安全漏洞正遭利用,允許攻擊者在受影響的系統上以提升的權限執行 script。
該漏洞編號為 CVE-2026-48172,涉及 plugin 內的權限分配錯誤。據 The Hacker News 報道,任何 cPanel 用戶(包括攻擊者或遭入侵的帳戶)均可濫用此漏洞以 root 權限執行 script。
該問題影響 LiteSpeed cPanel Plugin,此 plugin 將 LiteSpeed 的網頁伺服器功能與 cPanel 的寄存管理介面整合。