{"vulnerability": "cve-2026-56843", "sightings": [{"uuid": "45d40069-3c0b-4486-8301-1a179be30514", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-56843", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116881766886443952", "content": "CVE-2026-56843 (CRITICAL, CVSS 9.9): WebPros Plesk &lt;18.0.78.4 has insufficient auth in XML-RPC API, letting low-privileged users access other tenants\u2019 cleartext FTP creds &amp; run code as them. Restrict API access &amp; monitor. https://radar.offseq.com/threat/cve-2026-56843-cwe-522-insufficiently-protected-cr-45d7ae62ed3d3640 #OffSeq #Infosec #Plesk", "creation_timestamp": "2026-07-08T01:30:26.980630Z"}, {"uuid": "3fddd886-4f25-442d-bfff-bad950d2ddf7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-56843", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mq3xtwsr2j2i", "content": "WebPros Plesk &lt;18.0.78.4: CRITICAL (CVSS 9.9) vuln lets low-privileged users access other tenants\u2019 FTP creds &amp; execute code as them. Restrict XML-RPC API, monitor activity. Patch status pending. https://radar.offseq.com/threat/cve-2026-56843-cwe-522-insufficiently-protected-cr-45d7ae62ed3d3640 #O...", "creation_timestamp": "2026-07-08T01:30:28.957691Z"}, {"uuid": "80fc8369-ed23-4638-9a48-7e77307f3098", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56843", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq3ywy72aw2r", "content": "CVE-2026-56843\nA security issue in Plesk's XML-RPC API allows low-privileged users to see details of domains they don't own. This could lead to unauthorized access to sensitive information, such as FTP credentials, which\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-08T01:50:31.653088Z"}, {"uuid": "00f7b647-988a-4341-82f8-12648eecc216", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56843", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq4633ovna2x", "content": "CVE-2026-56843 - WebPros Plesk XML-RPC API Incorrect Authorization Vulnerability\nCVE ID : CVE-2026-56843\n \n Published : July 8, 2026, 1:16 a.m. | 1\u00a0hour, 58\u00a0minutes ago\n \n Description : Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low-p...", "creation_timestamp": "2026-07-08T03:21:50.884349Z"}]}