{"id":1437,"date":"2026-07-03T14:08:31","date_gmt":"2026-07-03T13:08:31","guid":{"rendered":"https:\/\/hostinguk.net\/blog\/?p=1437"},"modified":"2026-07-03T14:08:33","modified_gmt":"2026-07-03T13:08:33","slug":"plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know","status":"publish","type":"post","link":"https:\/\/hostinguk.net\/blog\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\/","title":{"rendered":"Plesk XML API Vulnerability CVE-2026-48614: What You Need to Know"},"content":{"rendered":"\n<p>A recently disclosed security vulnerability in the Plesk XML API has been identified as CVE-2026-48614. The issue affects older versions of Plesk and could allow local privilege escalation, meaning someone with limited access to a server may be able to gain higher-level permissions if the system has not been updated.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is the vulnerability?<\/h2>\n\n\n\n<p>CVE-2026-48614 is a vulnerability in Plesk\u2019s XML API\u00a0component. According to Plesk, versions below 18.0.30 are vulnerable, while Plesk 18.0.30 through 18.0.78.4 include the fix, and Plesk 18.0.79 and later are listed as unaffected. The reported impact is local privilege escalation.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Who is affected?<\/h2>\n\n\n\n<p>This vulnerability affects servers running Plesk versions below 18.0.30. If your server is running a supported and fully updated version of Plesk, you should already have the necessary protection in place. If you manage your own server, it is important to check the installed Plesk version and confirm that automatic updates are enabled.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What should you do now?<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Update Plesk to the latest available version as soon as possible.<\/li>\n\n\n\n<li>If you cannot update\u00a0immediately, disable the Plesk XML API until the update can be applied.<\/li>\n\n\n\n<li>Restrict server access to trusted users only.<\/li>\n\n\n\n<li>Review administrator and user accounts for anything unusual.<\/li>\n\n\n\n<li>Keep an eye on vendor security advisories for further updates.\u00a0<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Our advice<\/h2>\n\n\n\n<p>The most\u00a0important step\u00a0is to make sure Plesk is fully up to date. Security updates are released to reduce risk\u00a0quickly, and\u00a0applying them promptly is one of the best ways to protect your hosting environment.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Managed customers<\/h2>\n\n\n\n<p>If your hosting is managed by us, we are actively patching affected managed customer servers as a matter of urgency and will continue to\u00a0monitor\u00a0vendor guidance closely.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Unmanaged customers<\/h2>\n\n\n\n<p>If you manage your own server, please update Plesk as soon as possible to ensure you are protected. If you are unsure whether you are affected, please contact our support team and we can help you check your Plesk version and recommended next steps.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A recently disclosed security vulnerability in the Plesk XML API has been identified as CVE-2026-48614. The issue affects older versions of Plesk and could allow local privilege escalation, meaning someone with limited access to a server may be able to gain higher-level permissions if the system has not been updated. What is the vulnerability? CVE-2026-48614&#8230; <a class=\"moretag\" href=\"https:\/\/hostinguk.net\/blog\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\/\">Keep Reading<\/a><\/p>\n","protected":false},"author":9,"featured_media":1439,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[229],"tags":[],"class_list":["post-1437","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Plesk XML API Vulnerability CVE-2026-48614: What You Need to Know - Hosting UK<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Plesk XML API Vulnerability CVE-2026-48614: What You Need to Know - Hosting UK\" \/>\n<meta property=\"og:description\" content=\"A recently disclosed security vulnerability in the Plesk XML API has been identified as CVE-2026-48614. The issue affects older versions of Plesk and could allow local privilege escalation, meaning someone with limited access to a server may be able to gain higher-level permissions if the system has not been updated. What is the vulnerability? CVE-2026-48614... Keep Reading\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostinguk.net\/blog\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\/\" \/>\n<meta property=\"og:site_name\" content=\"Hosting UK\" \/>\n<meta property=\"article:published_time\" content=\"2026-07-03T13:08:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-07-03T13:08:33+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/hostinguk.net\/blog\/wp-content\/uploads\/2026\/07\/20260703-Plesk-XML-API-Vulnerability-CVE-2026-48614-scaled.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1241\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Adrien Tibi\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Adrien Tibi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\\\/\"},\"author\":{\"name\":\"Adrien Tibi\",\"@id\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/#\\\/schema\\\/person\\\/5fa81506dbbb5950d5a306f174f949f2\"},\"headline\":\"Plesk XML API Vulnerability CVE-2026-48614: What You Need to Know\",\"datePublished\":\"2026-07-03T13:08:31+00:00\",\"dateModified\":\"2026-07-03T13:08:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\\\/\"},\"wordCount\":332,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/20260703-Plesk-XML\\u0003-API-Vulnerability\\u0003-CVE-2026-48614-scaled.webp\",\"articleSection\":[\"Security\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostinguk.net\\\/blog\\\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\\\/\",\"url\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\\\/\",\"name\":\"Plesk XML API Vulnerability CVE-2026-48614: What You Need to Know - Hosting UK\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/20260703-Plesk-XML\\u0003-API-Vulnerability\\u0003-CVE-2026-48614-scaled.webp\",\"datePublished\":\"2026-07-03T13:08:31+00:00\",\"dateModified\":\"2026-07-03T13:08:33+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/#\\\/schema\\\/person\\\/5fa81506dbbb5950d5a306f174f949f2\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostinguk.net\\\/blog\\\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\\\/#primaryimage\",\"url\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/20260703-Plesk-XML\\u0003-API-Vulnerability\\u0003-CVE-2026-48614-scaled.webp\",\"contentUrl\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/20260703-Plesk-XML\\u0003-API-Vulnerability\\u0003-CVE-2026-48614-scaled.webp\",\"width\":2560,\"height\":1241},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Plesk XML API Vulnerability CVE-2026-48614: What You Need to Know\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/\",\"name\":\"Hosting UK\",\"description\":\"Hosting UK | Domain names | Web hosting | Dedicated Servers\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/#\\\/schema\\\/person\\\/5fa81506dbbb5950d5a306f174f949f2\",\"name\":\"Adrien Tibi\",\"url\":\"https:\\\/\\\/hostinguk.net\\\/blog\\\/author\\\/adrien-tibi\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Plesk XML API Vulnerability CVE-2026-48614: What You Need to Know - Hosting UK","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_GB","og_type":"article","og_title":"Plesk XML API Vulnerability CVE-2026-48614: What You Need to Know - Hosting UK","og_description":"A recently disclosed security vulnerability in the Plesk XML API has been identified as CVE-2026-48614. The issue affects older versions of Plesk and could allow local privilege escalation, meaning someone with limited access to a server may be able to gain higher-level permissions if the system has not been updated. What is the vulnerability? CVE-2026-48614... Keep Reading","og_url":"https:\/\/hostinguk.net\/blog\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\/","og_site_name":"Hosting UK","article_published_time":"2026-07-03T13:08:31+00:00","article_modified_time":"2026-07-03T13:08:33+00:00","og_image":[{"width":2560,"height":1241,"url":"https:\/\/hostinguk.net\/blog\/wp-content\/uploads\/2026\/07\/20260703-Plesk-XML\u0003-API-Vulnerability\u0003-CVE-2026-48614-scaled.webp","type":"image\/webp"}],"author":"Adrien Tibi","twitter_misc":{"Written by":"Adrien Tibi","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostinguk.net\/blog\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\/#article","isPartOf":{"@id":"https:\/\/hostinguk.net\/blog\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\/"},"author":{"name":"Adrien Tibi","@id":"https:\/\/hostinguk.net\/blog\/#\/schema\/person\/5fa81506dbbb5950d5a306f174f949f2"},"headline":"Plesk XML API Vulnerability CVE-2026-48614: What You Need to Know","datePublished":"2026-07-03T13:08:31+00:00","dateModified":"2026-07-03T13:08:33+00:00","mainEntityOfPage":{"@id":"https:\/\/hostinguk.net\/blog\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\/"},"wordCount":332,"commentCount":0,"image":{"@id":"https:\/\/hostinguk.net\/blog\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\/#primaryimage"},"thumbnailUrl":"https:\/\/hostinguk.net\/blog\/wp-content\/uploads\/2026\/07\/20260703-Plesk-XML\u0003-API-Vulnerability\u0003-CVE-2026-48614-scaled.webp","articleSection":["Security"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostinguk.net\/blog\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostinguk.net\/blog\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\/","url":"https:\/\/hostinguk.net\/blog\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\/","name":"Plesk XML API Vulnerability CVE-2026-48614: What You Need to Know - Hosting UK","isPartOf":{"@id":"https:\/\/hostinguk.net\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/hostinguk.net\/blog\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\/#primaryimage"},"image":{"@id":"https:\/\/hostinguk.net\/blog\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\/#primaryimage"},"thumbnailUrl":"https:\/\/hostinguk.net\/blog\/wp-content\/uploads\/2026\/07\/20260703-Plesk-XML\u0003-API-Vulnerability\u0003-CVE-2026-48614-scaled.webp","datePublished":"2026-07-03T13:08:31+00:00","dateModified":"2026-07-03T13:08:33+00:00","author":{"@id":"https:\/\/hostinguk.net\/blog\/#\/schema\/person\/5fa81506dbbb5950d5a306f174f949f2"},"breadcrumb":{"@id":"https:\/\/hostinguk.net\/blog\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostinguk.net\/blog\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/hostinguk.net\/blog\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\/#primaryimage","url":"https:\/\/hostinguk.net\/blog\/wp-content\/uploads\/2026\/07\/20260703-Plesk-XML\u0003-API-Vulnerability\u0003-CVE-2026-48614-scaled.webp","contentUrl":"https:\/\/hostinguk.net\/blog\/wp-content\/uploads\/2026\/07\/20260703-Plesk-XML\u0003-API-Vulnerability\u0003-CVE-2026-48614-scaled.webp","width":2560,"height":1241},{"@type":"BreadcrumbList","@id":"https:\/\/hostinguk.net\/blog\/plesk-xml-api-vulnerability-cve-2026-48614-what-you-need-to-know\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostinguk.net\/blog\/"},{"@type":"ListItem","position":2,"name":"Plesk XML API Vulnerability CVE-2026-48614: What You Need to Know"}]},{"@type":"WebSite","@id":"https:\/\/hostinguk.net\/blog\/#website","url":"https:\/\/hostinguk.net\/blog\/","name":"Hosting UK","description":"Hosting UK | Domain names | Web hosting | Dedicated Servers","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostinguk.net\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/hostinguk.net\/blog\/#\/schema\/person\/5fa81506dbbb5950d5a306f174f949f2","name":"Adrien Tibi","url":"https:\/\/hostinguk.net\/blog\/author\/adrien-tibi\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/hostinguk.net\/blog\/wp-content\/uploads\/2026\/07\/20260703-Plesk-XML\u0003-API-Vulnerability\u0003-CVE-2026-48614-scaled.webp","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p63y3g-nb","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/hostinguk.net\/blog\/wp-json\/wp\/v2\/posts\/1437","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostinguk.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostinguk.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostinguk.net\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/hostinguk.net\/blog\/wp-json\/wp\/v2\/comments?post=1437"}],"version-history":[{"count":1,"href":"https:\/\/hostinguk.net\/blog\/wp-json\/wp\/v2\/posts\/1437\/revisions"}],"predecessor-version":[{"id":1438,"href":"https:\/\/hostinguk.net\/blog\/wp-json\/wp\/v2\/posts\/1437\/revisions\/1438"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hostinguk.net\/blog\/wp-json\/wp\/v2\/media\/1439"}],"wp:attachment":[{"href":"https:\/\/hostinguk.net\/blog\/wp-json\/wp\/v2\/media?parent=1437"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostinguk.net\/blog\/wp-json\/wp\/v2\/categories?post=1437"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostinguk.net\/blog\/wp-json\/wp\/v2\/tags?post=1437"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}