Litespeedtech Openlitespeed
12 CVEs affecting Litespeedtech Openlitespeed. Latest disclosed: 2026-03-16. Critical: 1, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-5519 | Critical | 9.8 | 2020-01-06 | The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen. |
| CVE-2022-0074 | High | 8.8 | 2022-10-27 | Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This aff… |
| CVE-2022-0073 | High | 8.8 | 2022-10-27 | Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This a… |
| CVE-2021-26758 | High | 8.8 | 2021-04-07 | Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the… |
| CVE-2023-40518 | High | 7.5 | 2023-08-14 | LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers. |
| CVE-2015-3890 | High | 7.5 | 2017-09-20 | Use-after-free vulnerability in Open Litespeed before 1.3.10. |
| CVE-2026-31386 | High | 7.2 | 2026-03-16 | OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by… |
| CVE-2018-19792 | Medium | 6.7 | 2018-12-03 | The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other imp… |
| CVE-2018-19791 | Medium | 6.5 | 2018-12-03 | The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size… |
| CVE-2022-0072 | Medium | 5.8 | 2022-10-27 | Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects ve… |
| CVE-2025-54939 | Medium | 5.3 | 2025-08-01 | LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak. |
| CVE-2024-31617 | Medium | 5.3 | 2024-05-22 | OpenLiteSpeed before 1.8.1 mishandles chunked encoding. |