CVE-2026-44962P2CRITICALCVSS 9.9≥ 18.0.75.1, < 18.0.75.1·≥ 18.0.76.2, < 18.0.76.22026-05-29
CVE-2026-44962 [CRITICAL] CWE-643 CVE-2026-44962: Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality,
Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the server, resulting in local privilege escalation.
nvd