CVE-2026-48614

CVE-2026-48614CVE-2026-48614

Description

An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server.

Scoring

CVSS 9.9 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Last modified2026-07-06
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.