CVE-2026-44962 -- CVSS 9.9 Vulnerability Briefing
CVE-2026-44962 | CVSS 9.9 (Critical) | Exploit: No known exploit
What Is It
CVE-2026-44962 is an XPath injection vulnerability in Plesk's APS Application Catalog search functionality, where unsanitized user input is interpolated directly into XPath queries.
Technical Detail
The flaw exists because Plesk fails to sanitize or parameterize user-supplied input before embedding it into XPath query expressions used by the APS Application Catalog search feature. An attacker who can reach this functionality can craft malicious input to manipulate the XPath query logic, potentially enabling unauthorized data extraction from the underlying XML data store, authentication bypass, or access to sensitive configuration and credential data. The CVSS score of 9.9 suggests the vulnerability is exploitable with minimal privilege requirements and carries near-complete impact across confidentiality, integrity, and availability dimensions, though the precise privilege context and full impact chain have not been publicly detailed at this time.
Exploitation Status
No known exploit code has been identified as of June 05, 2026. This vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. There is no public proof-of-concept, operational exploit, or evidence of active in-the-wild exploitation at this time. Given the critical severity rating, this should be treated as a high-priority patching target regardless of current exploitation status.
Who Is Targeting This
No specific threat actor attribution at this time. No confirmed or reported threat actor association had been established for this vulnerability as of the publication date.
What To Do
Apply any available Plesk security updates addressing this vulnerability immediately, prioritizing internet-facing Plesk installations. Administrators should verify the current Plesk version and consult the official Plesk security advisories for patch availability. As an interim measure, restrict access to the APS Application Catalog search interface at the network perimeter, limiting exposure to trusted IP ranges where operationally feasible. Monitor Plesk application logs for anomalous or malformed search query strings that may indicate probing activity. Given the 9.9 CVSS score and the nature of injection vulnerabilities in widely deployed hosting control panels, treat this as a critical patch priority even in the absence of confirmed active exploitation.
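As an added illustration (not Plesk's own code, whose internals the briefing does not describe), the following shows the interpolation pattern named under Technical Detail beside a hardened query builder that encodes the input as an XPath string literal, plus a heuristic triage check for the log monitoring advised above; the function names, the log format and the sample search strings are constructed for this example.

```python
import re

# Vulnerable pattern from the briefing: user input pasted straight into the
# XPath expression, so a quote in the input rewrites the predicate itself.
def unsafe_search_query(user_input: str) -> str:
    return f"//application[name='{user_input}']"


def xpath_string_literal(value: str) -> str:
    """Encode an arbitrary string as a single XPath 1.0 string literal.

    XPath 1.0 has no escape sequence inside a quoted literal, so a value
    holding one quote type is wrapped in the other, and a value holding both
    is assembled with concat() so every quote sits inside opposite quoting.
    Prefer the XPath API's own variable binding where it offers one; this is
    the fallback for APIs that only accept a query string.
    """
    if "'" not in value:
        return f"'{value}'"
    if '"' not in value:
        return f'"{value}"'
    parts = []
    for piece in re.split(r"(')", value):
        if piece == "'":
            parts.append('"\'"')
        elif piece:
            parts.append(f"'{piece}'")
    return "concat(" + ", ".join(parts) + ")"


# Hardened form: whatever the input, it can only be a string compared to name.
def safe_search_query(user_input: str) -> str:
    return f"//application[name={xpath_string_literal(user_input)}]"


# Heuristic for triaging search strings pulled from application logs
# (constructed assumption: one raw query string per log entry). It flags
# quotes, predicate brackets and path syntax, which a catalog name search
# has no legitimate reason to contain; treat hits as leads, not verdicts.
_PROBE = re.compile(r"""['"\[\]]|::|//""")

def looks_like_xpath_probe(search_string: str) -> bool:
    return _PROBE.search(search_string) is not None


if __name__ == "__main__":
    probe = "wordpress' or '1'='1"        # constructed sample input
    print(unsafe_search_query(probe))     # predicate rewritten by the input
    print(safe_search_query(probe))       # input stays one string literal
    print(looks_like_xpath_probe(probe))  # True
```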