CVE-2026-31386

Summary

OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.

Affected Software

VendorProductVersion RangeStatus
LiteSpeed TechnologiesOpenLiteSpeedall versionsaffected
LiteSpeed TechnologiesLSWS Enterpriseall versionsaffected

Weaknesses

  • CWE-78: Improper neutralization of special elements used in an OS command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References