Litespeedtech Litespeed Web Server — known CVE vulnerabilities
Every CVE whose affected-product data names Litespeedtech Litespeed Web Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2026-31386 — CVSS 7.2 (high): OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command…
CVE-2004-0112 — CVSS 5.0 (medium): The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of…
CVE-2010-2333 — CVSS 5.0 (medium): LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP…
CVE-2012-4871 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote…