> TritonInfoSec News
Home / May 24, 2026 / Story
0
#1 The Hacker News general May 23, 2026 at 07:35 UTC

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

By [email protected] (The Hacker News)

AI Summary

CVE-2026-48172, a CVSS 10.0 privilege escalation flaw in the LiteSpeed User-End cPanel Plugin, is under active exploitation in the wild. The vulnerability stems from incorrect privilege assignment, allowing any cPanel user — including compromised accounts — to execute arbitrary scripts as root. Server administrators running LiteSpeed on cPanel hosts should patch immediately given the maximum severity score and confirmed in-the-wild exploitation.

Read full article → https://thehackernews.com/2026/05/litespeed-cpanel…

Relevance score: 88.0/100

# More from May 24

  1. 2
    Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV The Hacker News
  2. 3
    A hacker group is poisoning open source code at an unprecedented scale Ars Technica Security
  3. 4
    Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack SecurityWeek
  4. 5
    ‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested SecurityWeek
  5. 6
    US and Canada arrest and charge suspected Kimwolf botnet admin BleepingComputer
  6. 7
    CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV The Hacker News
  7. 8
    CISA Security Leak Schneier on Security
  8. 9
    FBI warns about fast-growing phishing kit targeting Microsoft 365 users CyberScoop
  9. 10
    China's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts. Dark Reading