kb: how-to
kb: security
Applicable to:
- Plesk for Linux
Question
Is Plesk affected by this vulnerability?
Answer
Currently, Plesk uses ProFTPD 1.3.9a. The vulnerability CVE-2026-42167 has been addressed in this version.
The vulnerability is related to the mod_sql module, which is not included in the ProFTPD build shipped with Plesk.
Plesk uses a custom ProFTPD build with a limited set of modules:
- mod_ratio
- mod_readme
- mod_quotatab
- mod_quotatab_file
- mod_tls
Since mod_sql is not used, the vulnerability does not apply to Plesk installations.
No action is required.
Comments
Please sign in to leave a comment.