LiteSpeed has released security updates to address a privilege escalation vulnerability, tracked as CVE-2026-54420 and CVE-2026-48172, that could allow an authenticated user with FTP or web shell access to escalate privileges to root on affected cPanel/WHM servers, including environments running CloudLinux and CageFS.

Affected Systems:

• LiteSpeed cPanel Plugin: versions prior to 2.4.8

• LiteSpeed WHM Plugin: versions prior to 5.3.2.0

Security Risks

The successful exploitation of this vulnerability could allow attackers to bypass authentication controls and gain unauthorized administrative access to cPanel and WHM systems without valid credentials.

For more information on this vulnerability and related updates, please refer to official cPanel security advisory.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and system administrators:

• Upgrade cPanel and WHM plugins to the latest supported versions to ensure continued access to security patches and technical support.

• Ensure valid backups are available before applying updates.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailto rwcsirt@ncsa.gov.rw or call us on 9009.

References

• Security Advisory – cPanel

• https://thehackernews.com

• https://www.cisa.gov

• https://blog.litespeedtech.com

• https://www.bleepingcomputer.com