A critical zero-day privilege escalation vulnerability in the LiteSpeed User-End cPanel plugin is being actively exploited in the wild, enabling any authenticated cPanel user to execute arbitrary scripts as root and gain full server control. Tracked as CVE-2026-48172 with a maximum CVSS score of 10.0, the flaw has been patched as of May 21, 2026. The root cause is a logic […]

The post LiteSpeed cPanel Plugin 0-Day Exploited for Server Root Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.