CISA Mandates US Agencies to Fix cPanel Vulnerability Within 4 Days

The US Cybersecurity and Infrastructure Security Agency (CISA) has demanded that federal agencies urgently address a critical vulnerability in the LiteSpeed plugin for the popular cPanel hosting control panel. Agencies have only four days to fix the flaw, due to its active exploitation in attacks.

The vulnerability affects the user-facing part of the LiteSpeed plugin integrated into cPanel. The issue allows attackers to gain unauthorized access to servers, posing serious data security risks. CISA has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, mandating government agencies to take action within the specified timeframe.

Experts note that such CISA directives typically apply to critical vulnerabilities that threaten national security. In this case, the flaw impacts a widely used product employed by thousands of hosting providers and companies worldwide, increasing the urgency of the issue.

While CISA’s requirement applies only to US federal agencies, cybersecurity experts recommend that all cPanel users with the LiteSpeed plugin install available updates immediately. Otherwise, servers may become easy targets for hackers.