Unrated severityNVD Advisory· Published Mar 16, 2026· Updated Mar 16, 2026

CVE-2026-31386

Description

OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.

Affected products

Litespeedtech/LSWS Enterprisellm-create
Litespeedtech/Openlitespeedllm-fuzzy
LiteSpeed Technologies/LSWS Enterprisev5
Range: all versions
LiteSpeed Technologies/OpenLiteSpeedv5
Range: all versions

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jvn.jp/en/jp/JVN22152812/mitre
openlitespeed.orgmitre
www.litespeedtech.com/products/litespeed-web-servermitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000