CISA gives feds 4 days to patch actively exploited cPanel plugin flaw

https://www.bleepingcomputer.com/news/security/cisa-gives-feds-4-days-to-patch-actively-exploited-cpanel-plugin-flaw/

Publish Date: 2026-05-27 06:06:17

Source Domain: www.bleepingcomputer.com

Summary:

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urgently instructed federal agencies to fix a critical vulnerability in the LiteSpeed cPanel user-end plugin before it can be exploited against them. The flaw, tracked as CVE-2026-48172, is a privilege escalation issue in the lsws.redisAble function that lets attackers run arbitrary scripts with root privileges without any prior authorization. LiteSpeed has issued an immediate security update and advised users to apply it to the cPanel plugin. CISA mandated that all U.S. federal agencies patch their systems by the end of the week under Binding Operational Directive (BOD) 22-01, but stressed that this vulnerability poses significant risks to the entire federal enterprise and urged private-sector entities to act swiftly to secure their servers.

Key Points:

  • CISA ordered U.S. federal agencies to patch systems against CVE-2026-48172 by midnight on Friday, May 29, because it is being actively exploited.
  • The vulnerability in the LiteSpeed cPanel user-end plugin allows unauthorized access with elevated privileges.
  • LiteSpeed has already released patches for the flaw, urging immediate updates to affected installations.
  • CISA has emphasized the vulnerability’s significant risk to the federal enterprise and advised private-sector entities to prioritize securing their systems if they have not already patched.
  • There is a recommended method for checking a server’s logs for signs of the vulnerability using specific grep commands. Users are advised to examine the results and, if necessary, block suspicious IP addresses.