CVE-2026-31386

HIGH 7.2

CVSS Score

7.2

EPSS Score

0.0%

EPSS Percentile

0th

OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.

Vendor	litespeed technologies
Product	openlitespeed
Published	Mar 16, 2026
Last Updated	Mar 16, 2026

Stay Ahead of the Next One

Get instant alerts for litespeed technologies openlitespeed

Be the first to know when new high vulnerabilities affecting litespeed technologies openlitespeed are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Versions

LiteSpeed Technologies / OpenLiteSpeed

all versions

LiteSpeed Technologies / LSWS Enterprise

all versions

References

NVD ↗ CVE.org ↗ EPSS Data ↗

openlitespeed.org: https://openlitespeed.org/ litespeedtech.com: https://www.litespeedtech.com/products/litespeed-web-server jvn.jp: https://jvn.jp/en/jp/JVN22152812/