CVE-2026-48614

WebPros · Plesk

An improper authorization vulnerability in the Plesk XML API allows authenticated users to inject configuration directives, leading to arbitrary file writes and full root privilege escalation.

Executive summary

A critical authorization vulnerability in WebPros Plesk allows authenticated attackers to escalate privileges to root, posing a severe threat to server integrity.

Vulnerability

This vulnerability involves an improper authorization flaw within the XML API, which permits an authenticated user to perform unauthorized configuration injections. This results in the ability to write arbitrary files to the filesystem with root-level permissions.

Business impact

The potential for full privilege escalation to root provides an attacker with complete control over the affected server. Given the CVSS score of 9.9, this vulnerability represents an extreme risk, enabling data exfiltration, service disruption, and the deployment of persistent malicious backdoors.

Remediation

Immediate Action: Upgrade WebPros Plesk to version 18.0.78 or later immediately to resolve the API authorization flaw.

Proactive Monitoring: Review XML API access logs for anomalous configuration requests or suspicious calls originating from low-privileged accounts.

Compensating Controls: Restrict access to the Plesk XML API at the network level to trusted IP addresses only, limiting the attack surface available to unauthorized actors.

Exploitation status

Public Exploit Available: False

Analyst recommendation

The severity of this vulnerability cannot be overstated, as it grants full control over the underlying server infrastructure. System administrators must prioritize the update to version 18.0.78 to mitigate the risk of complete system compromise.