CISA warns of another cPanel plugin flaw exploited in attacks

CISA gave U.S. federal agencies three days to patch CVE-2026-48172, a high-severity vulnerability in the LiteSpeed cPanel user-end plugin. The flaw allows privilege escalation to root on shared hosting servers running CloudLinux/CageFS. All plugin versions before 2.4.8 are affected, and active exploitation was reported in early June.