05-20-2026, 09:49 PM
Situation
A security vulnerability was found in the plugin provided by LiteSpeed that allowed unauthorized root access to the server.
Impact
In order to mitigate this vulnerability further, it is recommended to disable the LiteSpeed User-End Plugin for cPanel. This plugin will be automatically removed as part of the cPanel update on May 19, 2026, for all cPanel versions.
Note: The LiteSpeed web service will continue to function without issue.
Call to Action
The LiteSpeed plugin will be automatically disabled as part of the cPanel update process. Run the following to ensure that cPanel is fully up-to-date:
To immediately process the plugin removal, the following command should be run:
A security vulnerability was found in the plugin provided by LiteSpeed that allowed unauthorized root access to the server.
Impact
In order to mitigate this vulnerability further, it is recommended to disable the LiteSpeed User-End Plugin for cPanel. This plugin will be automatically removed as part of the cPanel update on May 19, 2026, for all cPanel versions.
Note: The LiteSpeed web service will continue to function without issue.
Call to Action
The LiteSpeed plugin will be automatically disabled as part of the cPanel update process. Run the following to ensure that cPanel is fully up-to-date:
Code:
/scripts/upcp --forceTo immediately process the plugin removal, the following command should be run:
Code:
/usr/local/lsws/admin/misc/lscmctl cpanelplugin --uninstall