What is CVE-2026-31386?

CVE-2026-31386 is a high-severity vulnerability in Litespeed Technologies Lsws Enterprise, classified under OS Command Injection. CVSS score: 7.2/10. Published 2026-03-16.

How severe is CVE-2026-31386?

High severity. CVSS v3 base score is 7.2 out of 10.

RCE in Litespeed Technologies Lsws Enterprise

CVE-2026-31386

OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.002 (45.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Litespeed Technologies Lsws Enterprise — versions all versions
Litespeed Technologies Openlitespeed — versions all versions

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

Frequently asked questions

What is CVE-2026-31386?: CVE-2026-31386 is a high-severity vulnerability in Litespeed Technologies Lsws Enterprise, classified under OS Command Injection. CVSS score: 7.2/10. Published 2026-03-16.
How severe is CVE-2026-31386?: High severity. CVSS v3 base score is 7.2 out of 10.