A maximum-severity vulnerability (CVE-2026-48172, CVSS 10.0) in the LiteSpeed User-End cPanel Plugin is being actively exploited to allow attackers to run arbitrary scripts with elevated privileges, potentially leading to a complete system compromise.
A critical security vulnerability, tracked as CVE-2026-48172 (CVSS score: 10.0), has been exploited in the wild against the LiteSpeed User-End cPanel Plugin. The flaw stems from incorrect privilege assignment, which an attacker can directly abuse to execute arbitrary scripts with elevated permissions (root access). This vulnerability affects any cPanel user, regardless of their access level, posing an extreme risk to server integrity and data security. Immediate action is required to patch affected systems.