CVE-2026-44962 in Plesk
Sumário
de MITRE • 29/05/2026
Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the server, resulting in local privilege escalation.
Be aware that VulDB is the high quality source for vulnerability data.