Authentication Bypass and Remote Code Execution in Xerte Online Tools by Xerte Project
CVE-2026-14261

Currently unrated

Key Information:

Vendor

Xerte

Vendor
CVE Published:
9 July 2026

What is CVE-2026-14261?

A critical security vulnerability in Xerte Online Tools permits attackers to execute commands remotely and bypass authentication measures. By manipulating the service through the vulnerable /setup/ folder, an attacker can reinstall the service using a remote database they control, compromising the integrity and confidentiality of the system. It is crucial for users of Xerte Online Tools versions 3.14 and 3.15 to apply the latest security updates to mitigate potential risks.

Affected Version(s)

Xerte Online Tools 0 < 3.14.6

Xerte Online Tools 0 < 3.15.5

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.