HIGHCVE-2026-31386Published 2026-03-16Modified 2026-03-16CNA jpcert

CVE-2026-31386: OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability

OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.

CVSS v4.0: 8.6
Severity: HIGH
Fixed in: —
Affected Products: 2

Affected packages

LiteSpeed Technologies / OpenLiteSpeed
all versions
LiteSpeed Technologies / LSWS Enterprise
all versions

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

openlitespeed.org
litespeedtech.com
jvn.jp

Metrics