A critical zero-day privilege-escalation vulnerability in the LiteSpeed User-End cPanel plugin is being actively exploited. Tracked as CVE-2026-48172 with a maximum CVSS score of 10.0, the flaw enables any authenticated cPanel user to execute arbitrary scripts as root. This vulnerability prompted emergency response measures, including cPanel forcing a fleet-wide uninstall five hours before its scheduled Technical Security […]
The post LiteSpeed cPanel Plugin Zero-Day Exploited for Full Server Root Access. appeared first on Cyber Security News.