CVE-2026-48172 (GCVE-0-2026-48172)
Vulnerability from cvelistv5 – Published: 2026-05-21 00:38 – Updated: 2026-05-27 03:55 X_Known Exploited Vulnerability
VLAI
CISA KEV
Summary
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash. If you get no output, you have not been hit with exploitation of the vulnerability. If there is output, we recommend you examine the IP addresses in the list, determine if they are valid IP addresses, and if not, block them. To determine damage done, examine the system logs for use by the detected IP addresses. The issue is related to mishandling of Redis enable/disable features. The recommended minimum version is 2.4.7.
Severity
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| LiteSpeed Technologies | cPanel Plugin |
Affected:
2.3 , < 2.4.7
(custom)
|
|
| LiteSpeed Technologies | WHM Plugin |
Affected:
0 , < 5.3.1.0
(custom)
|
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 0181eb9a-faf8-4072-8417-ae685deac9a0
Exploited: Yes
Timestamps
First Seen: 2026-05-26
Asserted: 2026-05-26
Scope
Notes: KEV entry: LiteSpeed cPanel Plugin Privilege Escalation Vulnerability | Affected: LiteSpeed / cPanel Plugin | Description: LiteSpeed cPanel Plugin contains privilege escalation vulnerability that is exposed via the user-end cPanel plugin, which can be abused by any cPanel user account to execute arbitrary scripts with root privileges. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-05-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/ ; https://nvd.nist.gov/vuln/detail/CVE-2026-48172
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-266 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | cPanel Plugin |
| Due Date | 2026-05-29 |
| Date Added | 2026-05-26 |
| Vendorproject | LiteSpeed |
| Vulnerabilityname | LiteSpeed cPanel Plugin Privilege Escalation Vulnerability |
| Knownransomwarecampaignuse | Unknown |
References
Created: 2026-05-26 18:00 UTC
| Updated: 2026-05-26 18:00 UTC
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48172",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-05-26",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48172"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T03:55:24.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48172"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-26T00:00:00.000Z",
"value": "CVE-2026-48172 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/download/",
"defaultStatus": "unaffected",
"packageName": "WHM Plugin/cPanel Plugin",
"platforms": [
"Linux"
],
"product": "cPanel Plugin",
"vendor": "LiteSpeed Technologies",
"versions": [
{
"lessThan": "2.4.7",
"status": "affected",
"version": "2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "WHM Plugin/cPanel Plugin",
"platforms": [
"Linux"
],
"product": "WHM Plugin",
"vendor": "LiteSpeed Technologies",
"versions": [
{
"lessThan": "5.3.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Installation of the LiteSpeed cPanel PlugIn v2.3 or higher."
}
],
"value": "Installation of the LiteSpeed cPanel PlugIn v2.3 or higher."
}
],
"descriptions": [
{
"lang": "en",
"value": "LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE \"cpanel_jsonapi_func=redisAble\" /var/cpanel/logs /usr/local/cpanel/logs/ 2\u003e/dev/null in Bash. If you get no output, you have not been hit with exploitation of the vulnerability. If there is output, we recommend you examine the IP addresses in the list, determine if they are valid IP addresses, and if not, block them. To determine damage done, examine the system logs for use by the detected IP addresses. The issue is related to mishandling of Redis enable/disable features. The recommended minimum version is 2.4.7."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-24T23:05:58.862Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/cpanel"
},
{
"url": "https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/release-log"
},
{
"url": "https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Installation of LiteSpeed WHM PlugIn 5.3.1.0 and cPanel 2.4.7.\u0026nbsp; Though installation of WHM 5.2.10 and cPanel 2.4.5 and above mitigate most of the issues."
}
],
"value": "Installation of LiteSpeed WHM PlugIn 5.3.1.0 and cPanel 2.4.7.\u00a0 Though installation of WHM 5.2.10 and cPanel 2.4.5 and above mitigate most of the issues."
}
],
"tags": [
"x_known-exploited-vulnerability"
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-48172",
"datePublished": "2026-05-21T00:38:04.489Z",
"dateReserved": "2026-05-21T00:38:03.845Z",
"dateUpdated": "2026-05-27T03:55:24.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2026-48172",
"cwes": "[\"CWE-266\"]",
"dateAdded": "2026-05-26",
"dueDate": "2026-05-29",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/ ; https://nvd.nist.gov/vuln/detail/CVE-2026-48172",
"product": "cPanel Plugin",
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"shortDescription": "LiteSpeed cPanel Plugin contains privilege escalation vulnerability that is exposed via the user-end cPanel plugin, which can be abused by any cPanel user account to execute arbitrary scripts with root privileges.",
"vendorProject": "LiteSpeed",
"vulnerabilityName": "LiteSpeed cPanel Plugin Privilege Escalation Vulnerability"
},
"epss": {
"cve": "CVE-2026-48172",
"date": "2026-05-27",
"epss": "0.07956",
"percentile": "0.92164"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-48172\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2026-05-21T02:16:33.760\",\"lastModified\":\"2026-05-26T20:19:13.460\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE \\\"cpanel_jsonapi_func=redisAble\\\" /var/cpanel/logs /usr/local/cpanel/logs/ 2\u003e/dev/null in Bash. If you get no output, you have not been hit with exploitation of the vulnerability. If there is output, we recommend you examine the IP addresses in the list, determine if they are valid IP addresses, and if not, block them. To determine damage done, examine the system logs for use by the detected IP addresses. The issue is related to mishandling of Redis enable/disable features. The recommended minimum version is 2.4.7.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2026-05-26\",\"cisaActionDue\":\"2026-05-29\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"LiteSpeed cPanel Plugin Privilege Escalation Vulnerability\",\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-266\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:litespeedtech:litespeed_cpanel_plugin:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4.7\",\"matchCriteriaId\":\"B64A4D51-C0C2-4925-A49C-97E7CD8CAABD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:litespeedtech:litespeed_whm_plugin:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.3.1.0\",\"matchCriteriaId\":\"6CBC6C6D-C562-4EB5-A2A0-BE07F716B8AF\"}]}]}],\"references\":[{\"url\":\"https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/cpanel\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/release-log\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48172\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-48172\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-26T18:00:06.326752Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2026-05-26\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48172\"}}}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48172\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-21T12:46:02.557Z\"}, \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-05-26T00:00:00.000Z\", \"value\": \"CVE-2026-48172 added to CISA KEV\"}]}], \"cna\": {\"tags\": [\"x_known-exploited-vulnerability\"], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 10, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"LiteSpeed Technologies\", \"product\": \"cPanel Plugin\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.3\", \"lessThan\": \"2.4.7\", \"versionType\": \"custom\"}], \"platforms\": [\"Linux\"], \"packageName\": \"WHM Plugin/cPanel Plugin\", \"collectionURL\": \"https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/download/\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"LiteSpeed Technologies\", \"product\": \"WHM Plugin\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.3.1.0\", \"versionType\": \"custom\"}], \"platforms\": [\"Linux\"], \"packageName\": \"WHM Plugin/cPanel Plugin\", \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Installation of LiteSpeed WHM PlugIn 5.3.1.0 and cPanel 2.4.7.\\u00a0 Though installation of WHM 5.2.10 and cPanel 2.4.5 and above mitigate most of the issues.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Installation of LiteSpeed WHM PlugIn 5.3.1.0 and cPanel 2.4.7.\u0026nbsp; Though installation of WHM 5.2.10 and cPanel 2.4.5 and above mitigate most of the issues.\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/cpanel\"}, {\"url\": \"https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/release-log\"}, {\"url\": \"https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/\"}], \"x_generator\": {\"engine\": \"CVE-Request-form 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE \\\"cpanel_jsonapi_func=redisAble\\\" /var/cpanel/logs /usr/local/cpanel/logs/ 2\u003e/dev/null in Bash. If you get no output, you have not been hit with exploitation of the vulnerability. If there is output, we recommend you examine the IP addresses in the list, determine if they are valid IP addresses, and if not, block them. To determine damage done, examine the system logs for use by the detected IP addresses. The issue is related to mishandling of Redis enable/disable features. The recommended minimum version is 2.4.7.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-266\", \"description\": \"CWE-266 Incorrect Privilege Assignment\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"Installation of the LiteSpeed cPanel PlugIn v2.3 or higher.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Installation of the LiteSpeed cPanel PlugIn v2.3 or higher.\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2026-05-24T23:05:58.862Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-48172\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-27T03:55:24.811Z\", \"dateReserved\": \"2026-05-21T00:38:03.845Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2026-05-21T00:38:04.489Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…