Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the server, resulting in local privilege escalation.
More Information:
https://cvefeed.io/vuln/detail/CVE-2026-44962
https://cybersecuritynews.com/plesk-com ... erability/
CVE-2026-44962 Plesk XPath Injection Vulnerability
-
Starburst-David
- Posts: 53
- Joined: Wed Feb 11, 2026 8:31 pm