
CVE-2026-44962 Plesk XPath Injection Vulnerability

Posted: Mon Jun 01, 2026 2:58 pm
by Starburst-David
Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the server, resulting in local privilege escalation.

More Information:
https://cvefeed.io/vuln/detail/CVE-2026-44962

https://cybersecuritynews.com/plesk-com ... erability/
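
The flaw class named in the post, as an added example that is not part of the original post and is not Plesk code: a search term interpolated into an XPath string changes the query's structure, while a constant query with the term compared as data does not. The catalog XML, element and attribute names, function names and sample term are all constructed for illustration and do not reproduce the CVE or its command-execution impact.

```python
import re
import xml.etree.ElementTree as ET

# Constructed catalog; element and attribute names are illustrative only.
CATALOG = ET.fromstring("""
<catalog>
  <app name="wordpress" visibility="public"/>
  <app name="joomla" visibility="public"/>
  <app name="internal-tool" visibility="hidden"/>
</catalog>
""")

# Constructed input: the embedded quote closes the string literal early,
# so the remainder is parsed as XPath syntax rather than as a name.
QUOTE_TERM = "wordpress']/../app[@visibility='hidden"


def search_interpolated(term):
    """Vulnerable pattern: the search term becomes part of the query text."""
    query = f".//app[@visibility='public'][@name='{term}']"
    return [app.get("name") for app in CATALOG.findall(query)]


# Allow-list for search terms (assumed policy for this example).
SAFE_TERM = re.compile(r"[A-Za-z0-9 ._-]{1,64}")


def search_hardened(term):
    """Constant query; the term is validated, then compared as data only."""
    if not SAFE_TERM.fullmatch(term):
        raise ValueError("search term contains characters outside the allow-list")
    public_apps = CATALOG.findall(".//app[@visibility='public']")
    return [app.get("name") for app in public_apps if app.get("name") == term]


if __name__ == "__main__":
    print("interpolated, normal term:", search_interpolated("wordpress"))
    print("interpolated, quote term: ", search_interpolated(QUOTE_TERM))
    print("hardened, normal term:    ", search_hardened("wordpress"))
    try:
        search_hardened(QUOTE_TERM)
    except ValueError as exc:
        print("hardened, quote term:      rejected:", exc)
```

XPath engines that support variable binding (for example `$name` variables in lxml's `xpath()`) give the same separation of query and data without filtering in application code.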