Vulnerability in Webpros Plesk
CVE-2026-56843
Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to look up domains they do not own, because ownership is enforced only for certain lookup filters and schema valida…
CVSS v3 metric
CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Webpros Plesk — versions 10.4
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2026-56843?
- CVE-2026-56843 is a critical-severity vulnerability in Webpros Plesk, classified under Insufficiently Protected Credentials. CVSS score: 9.9/10. Published 2026-07-08.
- How severe is CVE-2026-56843?
- Critical severity. CVSS v3 base score is 9.9 out of 10.