It has been brought to our attention that Litespeed 6.3.5 addresses CVE-2026-31386 which is a potential remote execution vulnerability.
An attacker who has valid Litespeed admin credentials could potentially execute arbitrary commands on the server.
By default, Enhance does not open the Litespeed admin port (7080).
If you would like to upgrade Litespeed to 6.3.5, run (as root):
/usr/local/lsws/admin/misc/lsup.sh -f -v 6.3.5 -b 5
The latest version of Openlitespeed published in their apt repository is 1.9.0. There is no mention of this CVE in the release notes but if you would like to upgrade Openlitespeed it can be done with apt.
apt update
apt upgrade
