cvedb.io
CVE-2026-31386
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2026-03-16T14:19:33.170 · Last modified 2026-06-17T10:33:36.717

Summary

OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.

Affected products

litespeedtech — litespeed_web_server

Does this affect you?

Add your gear to cvedb and we'll alert you only when litespeedtech ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.