Search
Find a vulnerability
Search criteria
3 vulnerabilities found for LSWS Enterprise by LiteSpeed Technologies
CVE-2026-31386 (GCVE-0-2026-31386)
Vulnerability from nvd – Published: 2026-03-16 05:21 – Updated: 2026-03-16 15:29
VLAI
Summary
OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| LiteSpeed Technologies | OpenLiteSpeed |
Affected:
all versions
|
|
| LiteSpeed Technologies | LSWS Enterprise |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T15:28:55.405089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T15:29:03.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenLiteSpeed",
"vendor": "LiteSpeed Technologies",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "LSWS Enterprise",
"vendor": "LiteSpeed Technologies",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T05:21:13.948Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://openlitespeed.org/"
},
{
"url": "https://www.litespeedtech.com/products/litespeed-web-server"
},
{
"url": "https://jvn.jp/en/jp/JVN22152812/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-31386",
"datePublished": "2026-03-16T05:21:13.948Z",
"dateReserved": "2026-03-09T09:07:18.132Z",
"dateUpdated": "2026-03-16T15:29:03.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
JVNDB-2026-000037
Vulnerability from jvndb - Published: 2026-03-16 17:18 - Updated:2026-03-16 17:18
Severity
Summary
OpenLiteSpeed and LSWS Enterprise vulnerable to OS command injection
Details
OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain the following vulnerability.
- OS command injection (CWE-78) - CVE-2026-31386
References
| Type | URL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000037.html",
"dc:date": "2026-03-16T17:18+09:00",
"dcterms:issued": "2026-03-16T17:18+09:00",
"dcterms:modified": "2026-03-16T17:18+09:00",
"description": "OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain the following vulnerability.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/78.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eOS command injection (CWE-78) - CVE-2026-31386\u003c/li\u003e\u003c/ul\u003eDaisuke Nakayama of Mizuho Financial Group, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000037.html",
"sec:cpe": [
{
"#text": "cpe:/a:litespeedtech:lsws_enterprise",
"@product": "LSWS Enterprise",
"@vendor": "LiteSpeed Technologies",
"@version": "2.2"
},
{
"#text": "cpe:/a:litespeedtech:open_litespeed",
"@product": "OpenLiteSpeed",
"@vendor": "LiteSpeed Technologies",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.2",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000037",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN22152812/index.html",
"@id": "JVN#22152812",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-31386",
"@id": "CVE-2026-31386",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "OpenLiteSpeed and LSWS Enterprise vulnerable to OS command injection"
}
CVE-2026-31386 (GCVE-0-2026-31386)
Vulnerability from cvelistv5 – Published: 2026-03-16 05:21 – Updated: 2026-03-16 15:29
VLAI
Summary
OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| LiteSpeed Technologies | OpenLiteSpeed |
Affected:
all versions
|
|
| LiteSpeed Technologies | LSWS Enterprise |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T15:28:55.405089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T15:29:03.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenLiteSpeed",
"vendor": "LiteSpeed Technologies",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "LSWS Enterprise",
"vendor": "LiteSpeed Technologies",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T05:21:13.948Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://openlitespeed.org/"
},
{
"url": "https://www.litespeedtech.com/products/litespeed-web-server"
},
{
"url": "https://jvn.jp/en/jp/JVN22152812/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-31386",
"datePublished": "2026-03-16T05:21:13.948Z",
"dateReserved": "2026-03-09T09:07:18.132Z",
"dateUpdated": "2026-03-16T15:29:03.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}