CISA orders rapid patch for exploited cPanel plugin
🔒 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a critical, actively exploited privilege escalation flaw in the LiteSpeed cPanel user-end plugin, tracked as CVE-2026-48172. LiteSpeed released urgent updates to fix the issue in the lsws.redisAble function and advised administrators to check logs and block suspicious IPs. CISA added the flaw to its known exploited vulnerabilities catalog and required patches by May 29 under BOD 22-01.
