The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their servers against a critical vulnerability in the LiteSpeed cPanel user-end plugin, which is actively being exploited in attacks.
Tracked as CVE-2026-48172, this privilege escalation vulnerability is related to the mishandling of Redis enable/disable features and was found in the lsws.redisAble function.
The vulnerability stems from an incorrect privilege assignment weakness that enables remote attackers with no privileges to execute arbitrary scripts with root privileges.
LiteSpeed released urgent security updates on Thursday to address the flaw, warning users to update the cPanel user-end plugin (bundled with the WHM plugin) to the latest version.
Users are advised to use the following command to check if their server is vulnerable to CVE-2026-48172 attacks:
