CVE-2026-56843: CWE-522 Insufficiently Protected Credentials in Webpros Plesk
CVE-2026-56843 is a critical vulnerability in WebPros Plesk before version 18.0.78.4 where incorrect authorization in the XML-RPC API allows low-privileged authenticated users to access domains they do not own. This flaw bypasses ownership enforcement for certain lookup filters and legacy protocol schema validation, leading to cross-tenant disclosure of FTP credentials stored in cleartext. Exploiting this can enable attackers to execute code as another tenant's system user.
AI Analysis
Technical Summary
The vulnerability arises from incorrect authorization checks in the XML-RPC API of WebPros Plesk prior to version 18.0.78.4. Specifically, ownership verification is only enforced for certain lookup filters, and schema validation is bypassed for legacy protocol versions. This allows a low-privileged authenticated customer to retrieve domain information and FTP credentials belonging to other tenants. Since these credentials are stored in cleartext, an attacker can leverage them to execute code under another tenant's system user context, resulting in a critical cross-tenant security breach.
Potential Impact
Successful exploitation leads to cross-tenant information disclosure of FTP credentials stored in cleartext, compromising confidentiality. It also enables code execution as another tenant's system user, impacting integrity and availability. The vulnerability affects tenant isolation and can lead to full compromise of other tenants' environments within the same Plesk installation.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or patch information is provided in the available data. Until a patch is released, restrict access to the XML-RPC API to trusted users only and monitor for suspicious activity involving domain lookups. Avoid using legacy protocol versions if possible.
CVE-2026-56843: CWE-522 Insufficiently Protected Credentials in Webpros Plesk
Description
CVE-2026-56843 is a critical vulnerability in WebPros Plesk before version 18.0.78.4 where incorrect authorization in the XML-RPC API allows low-privileged authenticated users to access domains they do not own. This flaw bypasses ownership enforcement for certain lookup filters and legacy protocol schema validation, leading to cross-tenant disclosure of FTP credentials stored in cleartext. Exploiting this can enable attackers to execute code as another tenant's system user.
CVSS v3.1
Score 9.9critical
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability arises from incorrect authorization checks in the XML-RPC API of WebPros Plesk prior to version 18.0.78.4. Specifically, ownership verification is only enforced for certain lookup filters, and schema validation is bypassed for legacy protocol versions. This allows a low-privileged authenticated customer to retrieve domain information and FTP credentials belonging to other tenants. Since these credentials are stored in cleartext, an attacker can leverage them to execute code under another tenant's system user context, resulting in a critical cross-tenant security breach.
Potential Impact
Successful exploitation leads to cross-tenant information disclosure of FTP credentials stored in cleartext, compromising confidentiality. It also enables code execution as another tenant's system user, impacting integrity and availability. The vulnerability affects tenant isolation and can lead to full compromise of other tenants' environments within the same Plesk installation.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or patch information is provided in the available data. Until a patch is released, restrict access to the XML-RPC API to trusted users only and monitor for suspicious activity involving domain lookups. Avoid using legacy protocol versions if possible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- hackerone
- Date Reserved
- 2026-06-23T15:00:03.632Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a4da0cec9d9e3dbe333a493
Added to database: 07/08/2026, 00:58:54 UTC
Last enriched: 07/08/2026, 01:13:27 UTC
Last updated: 07/08/2026, 02:17:12 UTC
Views: 18
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.