Litespeedtech: >> Litespeed Web Server >> 4.0.4 Security Vulnerabilities
OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.
CVSS Score
8.6
EPSS Score
0.015
Published
2026-03-16
LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.
CVSS Score
5.3
EPSS Score
0.008
Published
2025-08-01
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
CVSS Score
5.0
EPSS Score
0.602
Published
2010-06-18