CVE-2026-44962

N/A

Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the server, resulting in local privilege escalation.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

XPath表达式中数据转义处理不恰当(XPath注入)

Plesk 安全漏洞

Plesk是瑞士Plesk公司的一个网络主机控制面板。 Plesk存在安全漏洞，该漏洞源于APS应用目录搜索功能中XPath注入，用户输入未正确清理直接插入XPath查询，可能导致低权限认证用户执行任意操作系统命令，实现本地权限提升。

N/A

N/A