CRITICAL ⚡ MUST-KNOW

LiteSpeed cPanel Plugin CVE-2026-48172 Actively Exploited for Root Privilege Escalation

· cve · privilege-escalation · vulnerability · zero-day

A maximum-severity flaw (CVE-2026-48172, CVSS 10.0) in the LiteSpeed User-End cPanel Plugin is under active exploitation in the wild. The vulnerability stems from incorrect privilege assignment, allowing any cPanel user — including an attacker with a compromised account — to execute arbitrary scripts with root-level permissions.

Any cPanel-hosted environment running LiteSpeed is affected. The combination of a CVSS 10.0 score, low attack complexity, and confirmed in-the-wild exploitation makes this an immediate patch priority for web hosting providers and their tenants.