Vulnerability intelligence
CVE-2026-44962
Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the server, resulting in local privilege escalation.
CVSS Score: 10 (Critical)
EPSS (Exploit Probability): 0.0%, riskier than 12% of all CVEs
Exploitation: Not in CISA KEV; no federal exploitation record
Remediation: unknown; check vendor advisories
1 article across 1 outlet · first covered Jun 1, 2026 · latest Jun 1, 2026
Coverage timeline
Plesk CVE-2026-44962 Flaw Lets Low Priv Users Gain Server Access · securityonline.info · Jun 1, 2026