CISA warns: actively exploited LiteSpeed cPanel flaw
⚠️ CISA has ordered federal agencies to secure servers against an actively exploited LiteSpeed cPanel user-end plugin flaw (CVE-2026-48172 / CVE-2026-54420) that can allow privilege escalation to root on shared hosting with CloudLinux/CageFS. The vulnerability affects plugin versions prior to 2.4.8 and stems from a UNIX symlink following weakness; LiteSpeed released urgent updates and provided a command to check for compromises. Agencies must comply with BOD 26-04 and remediate systems within three days per the Known Exploited Vulnerabilities Catalog.
