Advanced Threat Data Export

Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.

Vulnerability Keyword

Date Range

Severity

Format

Upgrade Package

Data export is locked. Upgrade your package to enable filtering and downloading.

← Back to CVE List

CVE-2026-44962NVD

Description

Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the server, resulting in local privilege escalation.

Severity Level

CRITICAL (10.0)

Published Date

29/05/2026

Last Modified

29/05/2026

Exploitation Status

UNKNOWN

References

https://support.plesk.com/hc/en-us/articles/38633651286679-Vulnerability-CVE-2026-44962-in-Plesk-s-APS-Catalog