GHSA-3g88-3v3g-pch4CriticalCVSS 9.1
A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code...
🔗 CVE IDs covered (1)
📋 Description
A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control.
🔗 References (5)
- https://nvd.nist.gov/vuln/detail/CVE-2026-14261
- https://github.com/thexerteproject/xerteonlinetoolkits/issues/1532
- https://github.com/thexerteproject/xerteonlinetoolkits/commit/8fec6602e80c5d35903d65e65b65b794297d8e90
- https://www.xerte.org.uk/index.php/en/news/blog/80-news/364-xerte-3-14-and-3-15-important-security-update
- https://github.com/advisories/GHSA-3g88-3v3g-pch4