Security Update for LiteSpeed cPanel Plugin

We have an urgent security update for LiteSpeed’s user-end plugin for cPanel.
This week we were made aware of a vulnerability affecting our user-end cPanel plugin (LiteSpeed’s WHM plugin was not affected). We patched this vulnerability in v2.4.5.
Please update to the latest version of the cPanel user-end plugin, which is bundled with the WHM plugin.
This privilege escalation vulnerability, which was reported to us by David Strydom, has been assigned CVE-2026-48172.
Impact
Any cPanel user (including an attacker or a compromised account) may exploit the lsws.redisAble function to execute arbitrary scripts as root.
This vulnerability is being actively exploited, and poses a risk for all user-end plugin versions between v2.3 and v2.4.4.
Use the following command to determine if your server has been affected:
grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null
If there is no output, we have found no evidence that your server has been affected. Note that this check only covers the log files still present in those directories; requests recorded in logs that have since been rotated out or deleted will not be found.
If this command produces any output, examine the client IPs in the matching log lines, determine whether they belong to legitimate users, and block any that do not. To determine what damage was done, examine the system logs for any actions taken from the detected IPs. If you need assistance, you may contact our support team.
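The following script is an added example, not LiteSpeed's own code, showing how to turn the grep above into a quick triage: it runs the same pattern over a log directory and reduces the matches to a list of distinct client IPs with hit counts, which is what you actually need to review and block. The log lines are constructed sample data in the style of cPanel's access_log (hypothetical session tokens and usernames, RFC 5737 test addresses), and the helper names (write_sample_log, redisable_hits, redisable_ips, redisable_ip_count) are this example's own.

```shell
#!/bin/sh
# Added example (not LiteSpeed's code): apply the advisory's grep to a log
# directory and summarise which client IPs called redisAble.
# The log contents are constructed sample lines, not real server data.

# Write a constructed access_log sample into the file given as $1.
write_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.7 - alice [19/05/2026:10:02:11 +0000] "GET /cpsess0123456789/execute/lsws/lsws.cgi?cpanel_jsonapi_module=lsws&cpanel_jsonapi_func=redisAble HTTP/1.1" 200 512
198.51.100.3 - bob [19/05/2026:10:05:43 +0000] "GET /cpsess0123456789/execute/Email/list_pops HTTP/1.1" 200 1880
203.0.113.7 - alice [19/05/2026:10:06:02 +0000] "POST /cpsess0123456789/json-api/cpanel?cpanel_jsonapi_module=lsws&cpanel_jsonapi_func=redisAble HTTP/1.1" 200 512
192.0.2.44 - carol [19/05/2026:11:15:09 +0000] "GET /cpsess9876543210/json-api/cpanel?cpanel_jsonapi_func=redisAble&cpanel_jsonapi_module=lsws HTTP/1.1" 200 512
192.0.2.44 - carol [19/05/2026:11:15:10 +0000] "GET /cpsess9876543210/json-api/cpanel?cpanel_jsonapi_func=redisAble&cpanel_jsonapi_module=lsws HTTP/1.1" 200 512
EOF
}

# Raw matching lines, using the same pattern as the advisory's command.
# Output is prefixed with the file name, as grep -r does on a directory.
redisable_hits() {
    grep -rE "cpanel_jsonapi_func=redisAble" "$@" 2>/dev/null
}

# Distinct client IPs (first field of each matching line) with hit counts,
# most active first. -h drops the file-name prefix so field 1 is the IP.
redisable_ips() {
    grep -rhE "cpanel_jsonapi_func=redisAble" "$@" 2>/dev/null \
        | awk '{print $1}' | sort | uniq -c | sort -rn
}

# Number of distinct IPs that invoked redisAble (0 means no hits found).
redisable_ip_count() {
    grep -rhE "cpanel_jsonapi_func=redisAble" "$@" 2>/dev/null \
        | awk '{print $1}' | sort -u | wc -l | tr -d ' '
}

# Stand-alone run against the constructed sample. On a real server you
# would pass /var/cpanel/logs /usr/local/cpanel/logs/ instead of $LOGDIR.
LOGDIR=$(mktemp -d)
write_sample_log "$LOGDIR/access_log"
echo "Distinct IPs calling redisAble: $(redisable_ip_count "$LOGDIR")"
redisable_ips "$LOGDIR"
```

An empty result from redisable_ips corresponds to the "no output" case of the advisory's command; a non-empty result is a list to check against your known users before blocking. Remember that the script only sees logs still on disk, so an empty result after log rotation is weaker evidence than an empty result on a freshly patched server.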
Actions
We urgently recommend that those using the LiteSpeed user-end plugin for cPanel upgrade to LiteSpeed WHM Plugin v5.3.1.0 (bundled with cPanel plugin v2.4.7) or higher to patch this vulnerability.
If you cannot upgrade at this time, you can use the following command to remove the user-end plugin and avoid this vulnerability:
/usr/local/lsws/admin/misc/lscmctl cpanelplugin --uninstall
Additional Vulnerabilities
After addressing the initial report, we undertook a full security review of our cPanel and WHM plugins.
As a result, we have patched additional potential attack vectors in both plugins and released cPanel plugin v2.4.7 bundled with WHM plugin v5.3.1.0.
To be clear, there have been no reports of these additional vulnerabilities being exploited. This was a proactive review, undertaken with the assistance of the cPanel/WebPros team.
Timeline
- May 19, 2026: We were alerted to the original issue.
- May 19, 2026: cPanel pushed an uninstall command for the user-end plugin.
- May 19, 2026: We released cPanel plugin v2.4.6 and WHM plugin v5.3.0.0.
- May 20, 2026: We applied for a CVE.
- May 21, 2026: We completed a security review and released v2.4.7 and v5.3.1.0 of the plugins.
Conclusion
We thank David Strydom for bringing the original issue to our attention. We’d also like to thank the cPanel team for their immediate action in preventing further exploitation on additional servers. All known vulnerabilities have been patched, so if you are keeping your cPanel plugin up-to-date, there is nothing you need to do. If you have not updated in a while, please do so immediately.