Home

Description

A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control.

PUBLISHED Reserved 2026-06-30 | Published 2026-07-09 | Updated 2026-07-09 | Assigner certcc

Problem types

CWE-288: Authentication Bypass Using an Alternate Path or Channel

Product status

Any version before 3.14.6
affected

Any version before 3.15.5
affected

References

github.com/thexerteproject/xerteonlinetoolkits/issues/1532

github.com/...ommit/8fec6602e80c5d35903d65e65b65b794297d8e90

www.xerte.org.uk/...-3-14-and-3-15-important-security-update

cve.org (CVE-2026-14261)

nvd.nist.gov (CVE-2026-14261)

Download JSON