Product
litespeedtech openlitespeed
11 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-54939
CVE-2024-31617
CVE-2023-40518
CVE-2022-0074
CVE-2022-0073
CVE-2022-0072
CVE-2021-26758
CVE-2020-5519
CVE-2018-19792
CVE-2018-19791
CVE-2015-3890
< 1.8.4
LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.
< 1.8.1
OpenLiteSpeed before 1.8.1 mishandles chunked encoding.
< 1.7.18
LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers.
>= 1.6.15 and < 1.7.16.1
Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows
>= 1.7.0 and <= 1.7.16.1
Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards a
>= 1.6.5 and <= 1.6.20.1
Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows P
all versions
Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal acces
< 1.6.5
The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configura
<= 1.4.41
The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possib
< 1.5.0
The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker
< 1.3.10
Use-after-free vulnerability in Open Litespeed before 1.3.10.