Severe Plesk Privilege Escalation Flaw Patched in Linux Versions

A dangerous security vulnerability has been uncovered within a widely used web hosting control panel. Specifically, a critical Plesk privilege escalation flaw now threatens administrators running vulnerable Linux installations. The newly discovered loophole allows low-privileged users to compromise system resources easily. Therefore, security operations groups must address this threat immediately.

Understanding the XPath Injection

Security researchers track this dangerous flaw under the designation CVE-2026-44962. The threat carries a maximum severity score of CVSS 10. According to official documentation, “Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality”. This specific module maps user input directly into dynamic queries without proper architectural sanitization. Consequently, an authenticated attacker can bypass standard security barriers effortlessly.

Exploring the Severe Impact

The flaw gives adversaries unauthorized control over local Linux architectures. Specifically, “This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the server”. As a result, a local threat actor can achieve immediate administrative access. Furthermore, malicious actors can view configuration files or sabotage web services. This unchecked access undermines total server integrity instantly.

Deploying the Official Remediation

Fortunately, the vendor team acted swiftly to protect their global user base. On late February 2026, developers successfully released working software updates. Administrators can fix the Plesk privilege escalation flaw by installing version 18.0.76.2 or 18.0.75.1. However, some enterprise teams might experience patch deployment delays. In this situation, administrators must configure a temporary manual mitigation instead.

Applying the Core Workaround

To implement the workaround, engineers must edit the main panel configuration file. Specifically, you should open the /usr/local/psa/admin/conf/panel.ini infrastructure map. Users must then manually turn off the vulnerable APS subsystem entirely. Afterward, restart your server management components to finalize the configuration change. Ultimately, this rapid manual step neutralizes the active attack vector effectively.

Maintaining Server Security Best Practices

Enterprise groups must practice rigorous patch management to defend their infrastructure effectively. Therefore, always track vendor advisories closely to prevent unexpected network breaches. Ultimately, quick responses to severe vulnerabilities will keep your confidential corporate data perfectly safe.