The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added CVE-2026-48172 to its Known Exploited Vulnerabilities (KEV) catalog on May 26, 2026, with a mandatory remediation deadline of May 29, 2026, just three days to patch. CVE-2026-48172 is a maximum-severity privilege escalation flaw (CVSS v4.0: 10.0) residing in the LiteSpeed User-End cPanel Plugin versions 2.3 through 2.4.4. Classified under CWE-266 (Incorrect Privilege […]
The post CISA Warns of Exploited LiteSpeed cPanel Plugin Flaw appeared first on Cyber Security News.