Litespeedtech: >> Openlitespeed >> 1.7.1 Security Vulnerabilities
OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.
CVSS Score
8.6
EPSS Score
0.002
Published
2026-03-16
LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.
CVSS Score
5.3
EPSS Score
0.006
Published
2025-08-01
OpenLiteSpeed before 1.8.1 mishandles chunked encoding.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-05-22
LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-08-14
Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1
CVSS Score
5.8
EPSS Score
0.003
Published
2022-10-27
Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1.
CVSS Score
8.8
EPSS Score
0.009
Published
2022-10-27
Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-10-27