Articles in this section

Vulnerability CVE-2026-44962 in Plesk's APS Catalog

Applicable to:

  • Plesk for Linux

Situation

A security vulnerability allowing local privileges escalation was discovered in search functionality of Plesk's APS Catalog. This security vulnerability has been identified as CVE-2026-44962.

Affected product version

Product Affected versions Patched verions Unaffected versions

Plesk Obsidian 18.x

Below 18.0.75.1

18.0.75.1

18.0.76.2 and later

Impact

Local privilege escalation (LPE) is possible.

Call to action

On February 24 and 25, 2026, the Plesk Team published fixed versions of Plesk: 18.0.76.2 and 18.0.75.1. 

Update Plesk to install it by following the steps from this guide: How to install Plesk updates

Mitigation

If upgrading is not possible at the moment, apply the workaround below by adding the below section into the /usr/local/psa/admin/conf/panel.ini file.

CONFIG_TEXT: [aps]
enabled = off

Acknowledgements

We would like to thank Georgii Shutiaev for responsibly disclosing this vulnerability and working with us to help protect our customers.

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.