
Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath querie…

Published:

28 May 2026 at 22:00:00

Alert date:

29 May 2026 at 17:11:09

Source:

nvd.nist.gov


Web Technologies, Enterprise Applications

Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality. User-supplied input is interpolated into XPath queries without proper sanitization. This vulnerability allows an authenticated, low-privileged user to execute arbitrary operating system commands on the server. The flaw results in local privilege escalation on affected Plesk installations. The vulnerability affects the search functionality within the APS Application Catalog component of Plesk.
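An added illustration of the flaw class described above (not Plesk's code and not taken from the advisory): a constructed catalog is searched once with the term interpolated into the XPath string and once with the term converted to an XPath string literal. The catalog contents, the function names and the use of PHP's DOMXPath are assumptions made for this example.

```php
<?php
// Constructed sample catalog; not Plesk's data, schema or code.
$doc = new DOMDocument();
$doc->loadXML('<catalog>
  <app visible="1"><name>WordPress</name></app>
  <app visible="1"><name>Bob\'s "beta" tool</name></app>
  <app visible="0"><name>Hidden app</name></app>
</catalog>');
$xp = new DOMXPath($doc);

// Collect the text of matched nodes; query() returns false if the
// expression does not parse.
function names($nodes): array {
    $out = [];
    if ($nodes === false) return $out;
    foreach ($nodes as $n) $out[] = $n->textContent;
    return $out;
}

// Weak form: the term is pasted between quotes, so a quote inside the term
// ends the string literal and the remainder is parsed as XPath syntax.
// (@ only hides the parse warning for terms that break the expression.)
function searchInterpolated(DOMXPath $xp, string $term): array {
    return names(@$xp->query("//app[@visible='1'][contains(name, '$term')]/name"));
}

// XPath 1.0 has no escape character inside string literals. Use the quote
// style the value does not contain, or split it with concat() if it has both.
function xpathLiteral(string $value): string {
    if (strpos($value, "'") === false) return "'" . $value . "'";
    if (strpos($value, '"') === false) return '"' . $value . '"';
    $parts = array_map(fn($p) => "'" . $p . "'", explode("'", $value));
    return 'concat(' . implode(', "\'", ', $parts) . ')';
}

// Corrected form: the term can only ever be one string argument of contains().
function searchQuoted(DOMXPath $xp, string $term): array {
    $q = "//app[@visible='1'][contains(name, " . xpathLiteral($term) . ")]/name";
    return names($xp->query($q));
}

// Constructed terms: a plain word, a legitimate term with both quote kinds,
// and a term whose quote changes the predicate in the interpolated query.
$terms = ["Word", "Bob's \"beta\"", "zzz') or contains(name, '"];
foreach ($terms as $t) {
    printf("%-28s interpolated=%s quoted=%s\n", $t,
        json_encode(searchInterpolated($xp, $t)), json_encode(searchQuoted($xp, $t)));
}
```

With the interpolated query the second term fails to parse and the third matches every visible entry even though no name contains it; with the quoted query both are treated as plain search text.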

Technical details

Mitigation steps:

Affected products:

Plesk

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website shows information originating from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
