
Patch LiteSpeed now — CISA confirms the perfect-10 cPanel bug is being exploited

  • Announced
  • Action required
  • High importance

You already saw CVE-2026-48172 over the weekend: a CVSS 10.0 hole in the user-end LiteSpeed cPanel plugin (versions 2.3 through 2.4.4) that lets any cPanel account run scripts as root. The update is that it's no longer theoretical. CISA logged active exploitation on May 26, added it to the KEV catalog, and handed federal agencies until May 29 to patch or pull the plugin under BOD 22-01. That three-day clock is for government, but the blast radius isn't — this is shared hosting, where one tenant escalating to root owns every other site on the box. If you run LiteSpeed with the cPanel plugin, treat the federal deadline as yours too and update past 2.4.4 today.