Vulnerability  ·  2026-05-27

KEV Alert: LiteSpeed cPanel Plugin Privilege Escalation to Root — CVE-2026-48172 (CVSS 10.0, Actively Exploited)

Vulnerability · High impact · Global · CVE-2026-48172
The LiteSpeed User-End cPanel Plugin before version 2.4.5 contains a privilege escalation vulnerability caused by incorrect privilege assignment (CWE-266) in its Redis enable/disable feature. The plugin's redisAble JSON API function performs privileged operations without properly checking that the caller is authorized, so any cPanel user account, or an unauthenticated network attacker, can escalate privileges, potentially to root. The vulnerability was exploited in the wild in May 2026 and was added to CISA's Known Exploited Vulnerabilities catalog on May 26, 2026, with a federal remediation due date of May 29, 2026.
Attack vector: network-accessible, no authentication required. The attacker sends a crafted HTTP request to the cPanel JSON API carrying cpanel_jsonapi_func=redisAble. Detection: search the cPanel logs for 'cpanel_jsonapi_func=redisAble' to identify exploitation attempts. A literal string match will miss URL-encoded or otherwise obfuscated spellings of the same parameter, so decode query strings before matching rather than relying on grep alone.
LiteSpeed User-End cPanel Plugin versions before 2.4.5. The parent LiteSpeed WHM Plugin is not affected. Shared and reseller hosting environments are at elevated risk: one compromised cPanel account can escalate to root on the shared server.
Remediation: upgrade to LiteSpeed User-End cPanel Plugin version 2.4.5 or later (LiteSpeed's release log recommends 2.4.7 together with WHM Plugin 5.3.1.0). After upgrading, search /var/cpanel/logs and /usr/local/cpanel/logs/ for 'cpanel_jsonapi_func=redisAble' to identify prior exploitation; because the flaw escalates to root, any hit should be treated as a possible compromise of the whole host, not just of the account that issued the request. Federal agencies must remediate by May 29, 2026.
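The following script is an added example for the detection and remediation steps above; it is not code from LiteSpeed, cPanel or CISA. It scans access-log lines for requests whose decoded query string selects the redisAble function, groups hits by client IP and cPanel user, and checks an installed plugin version string against the 2.4.5 fix boundary. The sample log lines are constructed for the example in a layout approximating cPanel's access_log (client, user, timestamp, request line, status, bytes); the exact on-disk format, the path to the plugin's version file, and whether cPanel matches function names case-insensitively are assumptions the operator should verify.

```python
from __future__ import annotations

import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample records, not real traffic. Lines 2-3 are repeated hits from
# one account, line 4 is an unauthenticated request with a percent-encoded 'A'
# that a literal grep for 'redisAble' would miss, line 5 is a case variant,
# and line 6 is a POST whose body (and thus any parameter) is not logged here.
SAMPLE_ACCESS_LOG = """\
203.0.113.5 - alice [27/05/2026:09:14:02 +0000] "GET /cpsess5551212/execute/Email/list_pops HTTP/1.1" 200 512
198.51.100.23 - bob [27/05/2026:09:15:44 +0000] "GET /cpsess9988776/json-api/cpanel?cpanel_jsonapi_module=LiteSpeed&cpanel_jsonapi_func=redisAble&cpanel_jsonapi_apiversion=2 HTTP/1.1" 200 86
198.51.100.23 - bob [27/05/2026:09:15:45 +0000] "GET /cpsess9988776/json-api/cpanel?cpanel_jsonapi_module=LiteSpeed&cpanel_jsonapi_func=redisAble HTTP/1.1" 200 86
192.0.2.77 - - [27/05/2026:09:20:10 +0000] "GET /json-api/cpanel?cpanel_jsonapi_func=redis%41ble HTTP/1.1" 200 86
203.0.113.5 - alice [27/05/2026:09:21:00 +0000] "GET /cpsess5551212/json-api/cpanel?cpanel_jsonapi_func=RedisAble HTTP/1.1" 200 86
203.0.113.5 - alice [27/05/2026:09:22:00 +0000] "POST /cpsess5551212/json-api/cpanel HTTP/1.1" 200 86
"""

# Assumed log layout: client, ident, user, [timestamp], "METHOD target proto", status, bytes.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\S+)'
)

TARGET_FUNC = "redisable"  # compared case-insensitively (assumption: conservative for triage)


def is_redisable_request(target: str) -> bool:
    """True if the decoded query string selects cpanel_jsonapi_func=redisAble."""
    query = urlsplit(target).query
    # parse_qs percent-decodes keys and values, so encoded variants are caught.
    params = parse_qs(query, keep_blank_values=True)
    for key, values in params.items():
        if key.lower() == "cpanel_jsonapi_func":
            if any(v.strip().lower() == TARGET_FUNC for v in values):
                return True
    return False


def scan_access_log(text: str) -> list[dict]:
    """Return one record per matching request; unparsable lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        if is_redisable_request(m["target"]):
            hits.append({
                "ip": m["ip"], "user": m["user"], "ts": m["ts"],
                "status": int(m["status"]), "target": m["target"],
            })
    return hits


def summarize(hits: list[dict]) -> dict[tuple[str, str], int]:
    """Count hits per (client IP, cPanel user) so repeat actors stand out."""
    counts: dict[tuple[str, str], int] = defaultdict(int)
    for h in hits:
        counts[(h["ip"], h["user"])] += 1
    return dict(counts)


FIXED_VERSION = (2, 4, 5)


def parse_version(v: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH'; missing trailing components are treated as 0."""
    parts = [int(p) for p in v.strip().split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3])  # type: ignore[return-value]


def is_vulnerable_version(v: str) -> bool:
    """Versions before 2.4.5 are affected per the advisory."""
    return parse_version(v) < FIXED_VERSION


if __name__ == "__main__":
    hits = scan_access_log(SAMPLE_ACCESS_LOG)
    for actor, n in sorted(summarize(hits).items(), key=lambda kv: -kv[1]):
        print(f"{actor[0]:>15} user={actor[1]:<6} redisAble requests={n}")
    for v in ("2.4.4", "2.4.5", "2.4.7"):
        print(f"plugin {v}: {'VULNERABLE' if is_vulnerable_version(v) else 'fixed'}")
```

On a live host, feed the script the contents of the access log files under the directories named above instead of SAMPLE_ACCESS_LOG. Requests that reach the function through a POST body are not visible in an access log that records only the request line, so an absence of hits does not prove an absence of exploitation.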
Sources
CISA KEV Catalog — CVE-2026-48172
LiteSpeed Blog — Security Update for LiteSpeed cPanel Plugin
NVD — CVE-2026-48172