Litespeedtech Openlitespeed — known CVE vulnerabilities
Every CVE whose affected-product data names Litespeedtech Openlitespeed, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2020-5519 — CVSS 9.8 (critical): The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration >…
CVE-2021-26758 — CVSS 8.8 (high): Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and…
CVE-2022-0074 — CVSS 8.8 (high): Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege…
CVE-2022-0073 — CVSS 8.8 (high): Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows…
CVE-2026-31386 — CVSS 7.2 (high): OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command…
CVE-2018-19792 — CVSS 6.7 (medium): The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have…
CVE-2018-19791 — CVSS 6.5 (medium): The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to…
CVE-2022-0072 — CVSS 5.8 (medium): Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path…