Authentication Bypass and Remote Code Execution in Xerte Online Tools by Xerte Project
CVE-2026-14261
Currently unrated
What is CVE-2026-14261?
A critical security vulnerability in Xerte Online Tools permits attackers to execute commands remotely and bypass authentication measures. By manipulating the service through the vulnerable /setup/ folder, an attacker can reinstall the service using a remote database they control, compromising the integrity and confidentiality of the system. It is crucial for users of Xerte Online Tools versions 3.14 and 3.15 to apply the latest security updates to mitigate potential risks.
Affected Version(s)
Xerte Online Tools 0 < 3.14.6
Xerte Online Tools 0 < 3.15.5
