Litespeedtech: >> Openlitespeed >> 1.6.21 Security Vulnerabilities
OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.
CVSS Score
8.6
EPSS Score
0.002
Published
2026-03-16
LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.
CVSS Score
5.3
EPSS Score
0.006
Published
2025-08-01
OpenLiteSpeed before 1.8.1 mishandles chunked encoding.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-05-22
LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-08-14
Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server andĀ LiteSpeed Web Server Container allows Privilege Escalation. This affects versionsĀ from 1.6.15 before 1.7.16.1.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-10-27