OUR BLOG

Keep up with the latest web trends and Hosting UK news.

Plesk XML API Vulnerability CVE-2026-48614: What You Need to Know

A recently disclosed security vulnerability in the Plesk XML API has been identified as CVE-2026-48614. The issue affects older versions of Plesk and could allow local privilege escalation, meaning someone with limited access to a server may be able to gain higher-level permissions if the system has not been updated.

What is the vulnerability?

CVE-2026-48614 is a vulnerability in Plesk’s XML API component. According to Plesk, versions below 18.0.30 are vulnerable, while Plesk 18.0.30 through 18.0.78.4 include the fix, and Plesk 18.0.79 and later are listed as unaffected. The reported impact is local privilege escalation.

Who is affected?

This vulnerability affects servers running Plesk versions below 18.0.30. If your server is running a supported and fully updated version of Plesk, you should already have the necessary protection in place. If you manage your own server, it is important to check the installed Plesk version and confirm that automatic updates are enabled.

What should you do now?

  • Update Plesk to the latest available version as soon as possible.
  • If you cannot update immediately, disable the Plesk XML API until the update can be applied.
  • Restrict server access to trusted users only.
  • Review administrator and user accounts for anything unusual.
  • Keep an eye on vendor security advisories for further updates. 

Our advice

The most important step is to make sure Plesk is fully up to date. Security updates are released to reduce risk quickly, and applying them promptly is one of the best ways to protect your hosting environment.

Managed customers

If your hosting is managed by us, we are actively patching affected managed customer servers as a matter of urgency and will continue to monitor vendor guidance closely.

Unmanaged customers

If you manage your own server, please update Plesk as soon as possible to ensure you are protected. If you are unsure whether you are affected, please contact our support team and we can help you check your Plesk version and recommended next steps.