Back to overview

CVE-2026-14261

Description
A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control.

Metadata

CVE ID
CVE-2026-14261
State
PUBLISHED
Assigner
certcc
Reserved
2026-06-30 16:15 UTC
Published
2026-07-09 12:37 UTC
Last updated
2026-07-09 12:37 UTC
Vendor / Product
Xerte / Xerte Online Tools
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (2)
VendorProductPlatformVersions
Xerte Xerte Online Tools 0 < 3.14.6
Xerte Xerte Online Tools 0 < 3.15.5
Weakness (CWE)
CWESourceDescription
cna CWE-288: Authentication Bypass Using an Alternate Path or Channel
Back to overview