Remote Code Execution Vulnerability in Xerte Online Tools
CVE-2026-12116

Currently unrated

Key Information:

Vendor

Xerte

Vendor
CVE Published:
9 July 2026

What is CVE-2026-12116?

A misconfiguration in Xerte Online Tools allows an attacker to modify the antivirus binary path in server settings, switching it to a PHP interpreter. This vulnerability permits attackers to upload malicious PHP content, which can then be executed on the server, potentially leading to unauthorized access and system compromise.

Affected Version(s)

Xerte Online Tools 0

Xerte Online Tools 0 < 3.14.6

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.