Litespeedtech Openlitespeed

12 CVEs affecting Litespeedtech Openlitespeed. Latest disclosed: 2026-03-16. Critical: 1, High: 6.

Top CVEs affecting Litespeedtech Openlitespeed
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2020-5519 | Critical | 9.8 | 2020-01-06 | The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen. |
| CVE-2022-0074 | High | 8.8 | 2022-10-27 | Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This aff… |
| CVE-2022-0073 | High | 8.8 | 2022-10-27 | Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This a… |
| CVE-2021-26758 | High | 8.8 | 2021-04-07 | Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the… |
| CVE-2023-40518 | High | 7.5 | 2023-08-14 | LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers. |
| CVE-2015-3890 | High | 7.5 | 2017-09-20 | Use-after-free vulnerability in Open Litespeed before 1.3.10. |
| CVE-2026-31386 | High | 7.2 | 2026-03-16 | OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by… |
| CVE-2018-19792 | Medium | 6.7 | 2018-12-03 | The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other imp… |
| CVE-2018-19791 | Medium | 6.5 | 2018-12-03 | The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size… |
| CVE-2022-0072 | Medium | 5.8 | 2022-10-27 | Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects ve… |
| CVE-2025-54939 | Medium | 5.3 | 2025-08-01 | LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak. |
| CVE-2024-31617 | Medium | 5.3 | 2024-05-22 | OpenLiteSpeed before 1.8.1 mishandles chunked encoding. |