Improper Authorization in Plesk XML API Leading to Privilege Escalation
CVE-2026-48614
9.9CRITICAL
What is CVE-2026-48614?
The vulnerability in the Plesk XML API enables an authenticated user to manipulate configuration directives without proper authorization. This flaw facilitates arbitrary file write operations as the root user, compromising the server's security and allowing full privilege escalation. It is crucial for users of affected versions of Plesk to apply necessary security measures to prevent exploitation.
Affected Version(s)
Plesk 0 < 18.0.78
