CVE-2026-14261
A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/
CVSS
9.1
Crítico
EPSS
0.6%
p43
KEV
—
Exploit Today
13
0-100
Publicado: 9 jul 2026 · Última mod.: 9 jul 2026
0.6%EPSS · 30 días0.6%
2026-07-102026-07-17
A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control.
- github.comhttps://github.com/thexerteproject/xerteonlinetoolkits/commit/8fec6602e80c5d35903d65e65b65b794297d8e90
- github.comhttps://github.com/thexerteproject/xerteonlinetoolkits/issues/1532
- www.xerte.org.ukhttps://www.xerte.org.uk/index.php/en/news/blog/80-news/364-xerte-3-14-and-3-15-important-security-update
Sin CVEs relacionados por CWE o producto.