CVE-2021-26758

HIGH

Litespeedtech Openlitespeed - Improper Privilege Management

Title source: rule

Description

Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Metin Yunus Kandemir · pythonwebappsmultiple

https://www.exploit-db.com/exploits/49556

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://docs.unsafe-inline.com/0day/openlitespeed-web-server-1.7.8-command-injection-to-privilege-escalation-cve-2021-26758

[Exploit, Third Party Advisory] https://github.com/litespeedtech/openlitespeed/issues/217

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/49556

Scores

CVSS v3 8.8

EPSS 0.0336

EPSS Percentile 87.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-269

Status published

Products (1)

litespeedtech/openlitespeed 1.7.8

Published Apr 07, 2021

Tracked Since Feb 18, 2026