ZeroPath at Black Hat USA 2026

Brief Summary: CVE-2026-44962, Critical XPath Injection to Root in Plesk APS Catalog

A brief summary of CVE-2026-44962, a CVSS 9.9 XPath injection vulnerability in Plesk's APS Application Catalog that allows any authenticated low privileged user to escalate to root through arbitrary OS command execution.

CVE Analysis

9 min read

ZeroPath CVE Analysis
ZeroPath CVE Analysis

2026-05-29

Brief Summary: CVE-2026-44962, Critical XPath Injection to Root in Plesk APS Catalog
Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

[email protected]

Introduction

An XPath injection flaw in Plesk's APS Application Catalog search feature allows any authenticated low privileged user to chain a data layer injection into full root level command execution on the underlying server. With a CVSS score of 9.9 and Plesk's widespread deployment across shared hosting infrastructure, this vulnerability turns any customer, reseller, or domain owner account into a potential path to complete server compromise.

Plesk is one of the two dominant web hosting control panels globally (alongside cPanel), serving retail hosting providers with server automation and management capabilities. Developed by Plesk International GmbH and now part of WebPros, it is deployed on shared hosting infrastructure where multiple tenants routinely share a single server instance. Its relevance here is direct: a privilege escalation vulnerability in Plesk does not just affect one site or one user; it potentially affects every tenant on the server.

Technical Information

Vulnerability Classification and Root Cause

CVE-2026-44962 is classified under CWE-643 (Improper Neutralization of Data within XPath Expressions), which describes a condition where "the product uses external input to dynamically construct an XPath expression used to retrieve data from an XML database, but it does not neutralize or incorrectly neutralizes that input." It is also related to CWE-91 (XML Injection / Blind XPath Injection).

The root cause lies in the APS (Application Packaging Standard) Catalog's search functionality. The APS Catalog was a Plesk web service that provided access to a large collection of web applications packaged in the APS format. Plesk distinguishes between the "Application Catalog" (a remote repository held by Plesk as the main source of apps) and the "Application Vault" (a local repository). Internally, the catalog data was structured as XML, and search queries were constructed using XPath. User supplied input from the search field was interpolated directly into these XPath queries without proper sanitization.

XPath Injection Mechanics

XPath injection follows patterns similar to SQL injection but targets XML data stores. As defined by OWASP, XPath injection "occurs when a web site uses user-supplied information to construct an XPath query for XML data." Common techniques include injecting expressions that alter query logic, extracting XML document structure through blind injection, and in advanced cases, leveraging XPath extension functions that may enable file access or command execution.

The CWE-643 definition notes that without proper neutralization, attackers can "modify the syntax, content, or commands of the XPath expression." In the case of CVE-2026-44962, the injection was not limited to data extraction or authentication bypass within the XML layer. The injected expressions reached code paths within Plesk that executed operating system commands with elevated privileges.

Attack Flow

Based on the available information, exploitation proceeds through the following steps:

  1. Authentication: The attacker authenticates to the Plesk web interface with any low privileged account. In shared hosting environments, this could be a customer, reseller, or domain owner account.

  2. Access the APS Catalog: The attacker navigates to the APS Application Catalog search functionality, which is accessible through the Plesk panel.

  3. Inject malicious XPath: The attacker crafts a search input containing XPath injection payloads designed to break out of the intended query structure and manipulate the expression logic.

  4. Reach OS command execution: The injected XPath expression reaches backend processing logic that executes OS commands. This is the critical escalation step: the APS Catalog backend apparently passes data from XPath query results to functions capable of shell command execution.

  5. Privilege escalation: Because the backend processes handling APS Catalog queries run with higher system privileges than the authenticated user, the attacker achieves arbitrary command execution as a privileged user, resulting in local privilege escalation to root.

Why This Is Unusual

The chain from XPath injection to OS command execution is uncommon. Most XPath injection vulnerabilities are limited in impact to data extraction or authentication bypass within the XML data layer. The fact that CVE-2026-44962 reaches arbitrary OS command execution indicates a deeper architectural flaw: the APS Catalog backend likely passed unsanitized data from XPath query processing to shell execution functions running with elevated privileges. This same pattern of insufficient privilege boundary enforcement appears in the related CVE-2025-66430 (Password Protected Directories to root), suggesting a systemic architectural issue rather than an isolated coding error.

Prerequisites

FactorDetail
AuthenticationRequired: any authenticated low privileged Plesk user
Network AccessRemote access to Plesk web interface (typically port 8443)
Affected OSPlesk for Linux
User Privilege NeededLow privileged Plesk account (customer, reseller, or domain owner)
ImpactArbitrary OS command execution, local privilege escalation to root

Affected Systems and Versions

The vulnerability affects Plesk Obsidian installations where the APS Catalog is enabled:

  • Plesk Obsidian 18.0.76 and earlier (prior to Update 2 / version 18.0.76.2)
  • Plesk Obsidian 18.0.75 and earlier (prior to Update 1 / version 18.0.75.1)
  • Any Plesk Obsidian version prior to 18.0.77 where the APS Catalog has not been explicitly disabled via panel.ini

The following versions contain the fix:

  • Plesk Obsidian 18.0.76.2 (18.0.76 Update 2, released February 25, 2026)
  • Plesk Obsidian 18.0.75.1 (18.0.75 Update 1, released February 24, 2026)
  • Plesk Obsidian 18.0.77 and later (APS Catalog removed entirely, released April 2026)

The vulnerability specifically requires the APS Catalog to be enabled and accessible. Installations where the APS Catalog has been disabled via the [aps] enabled = off configuration in panel.ini are not exploitable through this vector.

Vendor Security History

Plesk's recent security track record reveals a pattern of privilege escalation vulnerabilities that share a common theme: low privileged authenticated users reaching root level access through different Plesk features.

CVEFeatureImpactTimeline
CVE-2025-66430Password Protected DirectoriesPlesk users gain root level accessDecember 2025
CVE-2026-44962APS Catalog search (XPath injection)Authenticated LPE to root via OS command executionFebruary 2026 fix, May 2026 NVD

Both vulnerabilities share the same impact (root level server compromise from a low privileged starting point) and the same attack surface category (authenticated web interface features). This points to an architectural pattern where Plesk features accessible to low privileged users execute backend operations with excessive system privileges.

The decision to deprecate and remove the entire APS Catalog in version 18.0.77, rather than simply patch the XPath injection, may indicate that Plesk assessed the component as fundamentally insecure or unsustainable to maintain. This is a pragmatic remediation approach, but it also raises questions about whether other Plesk components share similar architectural weaknesses.

On the process side, Plesk has demonstrated good security response practices. The vulnerability was responsibly disclosed by Georgii Shutiaev through HackerOne, and Plesk released patches approximately three months before the NVD publication. The February 2026 security update addressed multiple vulnerabilities simultaneously across the 18.0.75 and 18.0.76 release branches.

References

Detect & fix
what others miss

Works with
  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps Services
  • Jira
  • Linear
  • Slack
  • Security Compass
Security magnifying glass visualization