LiteSpeed cPanel Plugin CVE-2026-48172 — Patch Today If Your Site Is on cPanel
A maximum-severity bug in the LiteSpeed User-End cPanel Plugin (CVE-2026-48172, CVSS 10.0) is being actively exploited to take full root control of shared hosting servers, as reported by The Hacker News. Any cPanel user — including a compromised account on the same server — can send one malformed API call to the plugin’s lsws.redisAble endpoint and run scripts as root. Versions 2.3 through 2.4.4 are vulnerable.
If your business website, online booking platform or donor portal sits on a shared cPanel host running the LiteSpeed user-end plugin (a very common combination on Australian budget and reseller hosting plans), this is your problem too. A single compromised neighbour on the same server can pivot to root and reach every site on the box — your files, your databases, your customer data. The fix is plugin version 2.4.5, or LiteSpeed WHM Plugin 5.3.1.0 bundled with cPanel plugin 2.4.7 or later.
What to do today: ask your web host or developer to confirm the LiteSpeed cPanel Plugin is on 2.4.5 or higher. If they can’t tell you within the hour, that’s your answer about how seriously they take patching. Managed hosts and anyone running their own cPanel server should run LiteSpeed’s detection grep across /var/cpanel/logs and /usr/local/cpanel/logs/ to check for prior exploitation attempts before they assume they’re clean.
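The two checks above as a shell sketch. This is an added example, not LiteSpeed's published detection command (which this article does not reproduce) and not code from the plugin; the function names are hypothetical, and it assumes the endpoint name appears literally in log lines.

```shell
#!/bin/sh
# Added example: NOT LiteSpeed's published detection command.
# Function names are hypothetical. The version range, endpoint name and
# log directories are the ones stated in this article.

# Exit 0 if VERSION is in the vulnerable range 2.3 through 2.4.4,
# 1 if it is outside it, 2 if it is not a dotted version number.
is_vulnerable_version() {
    local v="$1" lowest highest
    printf '%s\n' "$v" | grep -Eq '^[0-9]+(\.[0-9]+)*$' || return 2
    # sort -V (GNU coreutils) orders dotted versions numerically.
    lowest=$(printf '%s\n' "2.3" "$v" | sort -V | head -n1)
    highest=$(printf '%s\n' "2.4.4" "$v" | sort -V | tail -n1)
    [ "$lowest" = "2.3" ] && [ "$highest" = "2.4.4" ]
}

# Print "count<TAB>file" for each text log under the given paths that
# mentions the endpoint. Exit 0 if any file matched, 1 if none did.
# Assumption: the endpoint name is logged literally. Compressed
# (rotated) logs are not searched by plain grep.
scan_logs_for_endpoint() {
    local endpoint="lsws.redisAble" hits
    hits=$(grep -rIHciF -- "$endpoint" "$@" 2>/dev/null |
        awk -F: '$NF > 0 { n = $NF; sub(/:[0-9]+$/, ""); print n "\t" $0 }')
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}

# Usage on a cPanel server (version string supplied by your host or WHM):
#   is_vulnerable_version "2.4.4" && echo "patch to 2.4.5 or later"
#   scan_logs_for_endpoint /var/cpanel/logs /usr/local/cpanel/logs/ \
#       || echo "no mentions in uncompressed logs"
```

A hit means the endpoint name appears in that file and the surrounding entries need review. No hits in uncompressed logs does not clear the host, since rotated or deleted logs are not covered.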
If you’re not sure who actually owns patching for your hosting stack, that gap is bigger than this single CVE. Talk to us about wrapping your web infrastructure into a managed cybersecurity baseline so the next 10/10 doesn’t catch you on the back foot.
