Vulnerability CVE-2026-48614 in Plesk XML API

Situation

A security vulnerability allowing local privilege escalation was discovered in Plesk's XML API. This security vulnerability has been identified as CVE-2026-48614.

Affected Product Versions

| Product / Component | Affected Versions | Patched Versions | Unaffected Versions |
|---|---|---|---|
| Plesk XML API | Below 18.0.30 | 18.0.30 - 18.0.78.4 | 18.0.79 and later |

Impact

Local privilege escalation (LPE) is possible. Plesk versions lower than Plesk 18.0.30 are vulnerable.

Call to Action

The vulnerability is fixed in Plesk 18.0.30 and later. Install the latest Plesk updates to remediate the issue.

If updating is not possible, apply the following mitigation:

Disable the Plesk XML API

Disable or restrict access to the Plesk XML API to prevent exploitation. Follow the steps in "How to disable or restrict Plesk XML API".
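To decide which servers need the update or the mitigation, the version table above can be applied to an inventory. The script below is an added example, not Plesk's own tooling: it assumes the version strings have already been collected, the hostnames and versions are constructed sample data, and builds between 18.0.78.4 and 18.0.79 are treated as patched because the advisory states the fix is in 18.0.30 and later.

```shell
# Pull the first dotted version (e.g. 18.0.29.2) out of a longer string.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+(\.[0-9]+){2,3}' | head -n 1
}

# Succeed when version $1 is strictly lower than $2; missing parts count as 0.
# Components are compared numerically, so 18.0.9 sorts below 18.0.30.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 4; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Map a version string onto the advisory's columns.
classify_plesk() {
    cp_v=$(extract_version "$1")
    if [ -z "$cp_v" ]; then
        echo unknown
    elif version_lt "$cp_v" 18.0.30; then
        echo affected      # below 18.0.30: update or apply the mitigation
    elif version_lt "$cp_v" 18.0.79; then
        echo patched       # 18.0.30 up to the 18.0.78.x builds
    else
        echo unaffected    # 18.0.79 and later
    fi
}

# Read "host version-string" lines on stdin, print "host status".
triage_inventory() {
    while read -r ti_host ti_ver; do
        if [ -n "$ti_host" ]; then
            printf '%s %s\n' "$ti_host" "$(classify_plesk "$ti_ver")"
        fi
    done
}

# Constructed inventory; hostnames and version strings are sample data.
triage_inventory <<'EOF'
panel-a Plesk Obsidian 18.0.29.2
panel-b 18.0.30
panel-c 18.0.78.4
panel-d Plesk Obsidian 18.0.79
panel-e Plesk Onyx 17.8.11
EOF
```

Hosts reported as `affected` are the ones to update first or, where that is not possible, to protect by disabling or restricting the XML API; `unknown` means no version could be parsed and the host needs a manual check.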

Acknowledgements

We would like to thank Georgii Shutiaev for responsibly disclosing this vulnerability and working with us to help protect our customers.
