CISA urges urgent patching of exploited LiteSpeed cPanel plugin zero-day.
CISA warned federal agencies to patch CVE-2026-48172, a critical LiteSpeed user-end plugin vulnerability for cPanel that has already been exploited in the wild. The flaw can allow attackers to execute arbitrary scripts with root privileges, making it especially dangerous for shared hosting environments. LiteSpeed fixed the issue in user-end plugin version 2.4.5, and users are advised to upgrade to LiteSpeed WHM Plugin 5.3.1.0 or higher, or remove the plugin if patching is not possible.