AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)

CVE-2026-48172: LiteSpeed cPanel Plugin Privilege Escalation Vulnerability

infovulnerability🔥 Actively Exploited

security

Source: CISA Known Exploited VulnerabilitiesMay 25, 2026CVE-2026-48172

Summary

The LiteSpeed cPanel Plugin has a privilege escalation vulnerability (a flaw that lets users gain higher-level access than they should have) that any cPanel user account can exploit to run arbitrary scripts (custom code) with root privileges (the highest admin level). This vulnerability is currently being actively exploited by attackers.

Solution / Mitigation

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. See vendor security update at https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Patch Available

Yes

Exploit Maturity

🔥 Actively Exploited

Disclosure Date

May 25, 2026

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-266

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-48172

First tracked: May 26, 2026 at 02:00 PM

Classified by LLM (prompt v3) · confidence: 95%