CISA Adds Actively Exploited LiteSpeed cPanel Privilege Escalation Vulnerability to KEV Catalog
By
@bugxhunter.bsky.social
Summary
CISA has added one new vulnerability (CVE-2026-48172) to its Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability affects the LiteSpeed cPanel Plugin and involves privilege escalation. It is being actively exploited by malicious cyber actors and poses significant risks to federal enterprise systems. This addition follows Binding Operational Directive (BOD) 22-01, which established the KEV Catalog as a living list of known exploited CVEs that carry significant risk.
Key quotes
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the f
