
Description

OpenLiteSpeed and LSWS Enterprise, provided by LiteSpeed Technologies, contain an OS command injection vulnerability. An attacker with administrative privileges may execute an arbitrary OS command.

PUBLISHED Reserved 2026-03-09 | Published 2026-03-16 | Updated 2026-03-16 | Assigner jpcert




HIGH: 7.2 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

HIGH: 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

Problem types

Improper neutralization of special elements used in an OS command ('OS Command Injection')

Product status

all versions
affected

all versions
affected

References

openlitespeed.org/

www.litespeedtech.com/products/litespeed-web-server

jvn.jp/en/jp/JVN22152812/

cve.org (CVE-2026-31386)

nvd.nist.gov (CVE-2026-31386)
