Critical LiteSpeed cPanel Plugin Vulnerability Under Active Exploitation: CISA Issues Urgent Warning
The **U.S. Cybersecurity and Infrastructure Security Agency (CISA)** has issued a stark warning regarding a critical vulnerability, **CVE-2026-48172**, affecting the **LiteSpeed cPanel** user-end plugin. This privilege escalation flaw is under active exploitation, prompting immediate action from federal agencies and a strong recommendation for private sector entities to patch their systems.

Federal agencies are under pressure to remediate **CVE-2026-48172** within four days, as mandated by **Binding Operational Directive (BOD) 22-01**. The vulnerability lies within the `lsws.redisAble` function, related to the mishandling of **Redis** enable/disable features.
### Technical Details of CVE-2026-48172
This vulnerability allows remote attackers without privileges to execute arbitrary scripts with root privileges. It stems from an incorrect privilege assignment weakness within the **LiteSpeed** plugin.
### Urgent Security Updates Released
**LiteSpeed** released urgent security updates on Thursday to address the flaw, urging users to update the **cPanel** user-end plugin (bundled with the WHM plugin) to the latest version. The vulnerability affects user-end plugin versions between v2.3 and v2.4.4.
### Identifying and Mitigating the Vulnerability
Users can run the following command, which searches the cPanel logs for requests that call `redisAble`, to check whether their server shows signs of **CVE-2026-48172** attacks:

```bash
grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null
```

The **LiteSpeed** team advises:
> "If this command results in any output, we recommend you examine the IPs in the list, determine if they are valid, and if not, block them. To determine any damage done, examine the system logs for any actions taken by the detected IPs."
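
To follow the advice above and examine the IPs, this added example (not LiteSpeed's or CISA's code) groups the matching log lines by source address, with a hit count and the first and last timestamp seen. It assumes Apache-style access-log lines that begin with the client IP and carry a bracketed timestamp; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: group requests that call redisAble by source IP.
# Assumption: each log line starts with the client IP and has a bracketed
# timestamp (Apache-style access log). Adjust the awk fields if yours differ.

redisable_hits_by_ip() {
    # "$@": log files or directories, e.g. the two paths from the grep above.
    # -h drops the file-name prefix so the IP is the first field.
    grep -rhE "cpanel_jsonapi_func=redisAble" "$@" 2>/dev/null |
    awk '
        {
            ip = $1; ts = "-"
            s = index($0, "["); e = index($0, "]")
            if (s > 0 && e > s) ts = substr($0, s + 1, e - s - 1)
            if (!(ip in count)) { first[ip] = ts; order[++n] = ip }
            count[ip]++; last[ip] = ts   # first/last follow file order
        }
        END {
            for (i = 1; i <= n; i++) {
                ip = order[i]
                printf "%d\t%s\t%s\t%s\n", count[ip], ip, first[ip], last[ip]
            }
        }' | sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# Constructed sample lines (documentation IP ranges, placeholder path).
constructed_sample() {
    cat <<'EOF'
203.0.113.7 - - [28/May/2026:09:14:02 +0000] "GET /placeholder?cpanel_jsonapi_func=redisAble HTTP/1.1" 200 512
198.51.100.23 - alice [28/May/2026:09:20:11 +0000] "GET /placeholder?cpanel_jsonapi_func=redisAble HTTP/1.1" 200 498
203.0.113.7 - - [28/May/2026:09:31:45 +0000] "GET /placeholder?cpanel_jsonapi_func=redisAble HTTP/1.1" 200 512
192.0.2.10 - bob [28/May/2026:10:02:00 +0000] "GET /placeholder?cpanel_jsonapi_func=otherFunc HTTP/1.1" 200 120
EOF
}

# Demo on the sample. On a server, pass the real log paths instead:
#   redisable_hits_by_ip /var/cpanel/logs /usr/local/cpanel/logs/
tmp=$(mktemp) && constructed_sample > "$tmp" && redisable_hits_by_ip "$tmp"
rm -f "$tmp"
```

Output columns are tab-separated: hit count, source IP, first timestamp, last timestamp.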
### CISA's Directive and Broader Implications
**CISA** added the security flaw to its catalog of vulnerabilities exploited in attacks and ordered U.S. federal agencies to patch their systems by midnight on Friday, May 29. While **BOD 22-01** applies specifically to federal agencies, **CISA** strongly advises all defenders, including those in the private sector, to prioritize patching **CVE-2026-48172** and secure their servers immediately.
**CISA** warns:
> "This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Apply mitigations per vendor instructions, follow applicable **BOD 22-01** guidance for cloud services, or discontinue use of the product if mitigations are unavailable."
