Critical9.9Red Hat & Ubuntu Linux Updated
Privilege escalation via improper authorization in XML API
CVE-2026-48614 Published Jul 6, 2026Updated by vendor Jul 6, 2026
CVE-2026-48614
Affected products & platforms
Red Hat & Ubuntu LinuxUnclassified
Summary
Privilege escalation via improper authorization in XML API. Red Hat rates this critical (CVSS 9.9). Weakness: CWE-15. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Mitigation checklist
Recommended fix / mitigation
- Red Hat OpenShift Dev Spaces is not affected because it does not ship or rely on Plesk or expose the Plesk XML API. The vulnerable functionality resides within the Plesk-specific integration of the go-acme/lego library, which is not used by the product. Authentication is also required to exploit the vulnerability. No product changes are required.
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.