CVE-2026-14261
Description
A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control.
Metadata
Severity & Metrics
No CVSS data available.
Affected products (2)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Xerte | Xerte Online Tools | — | 0 < 3.14.6 |
| Xerte | Xerte Online Tools | — | 0 < 3.15.5 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| — | cna | CWE-288: Authentication Bypass Using an Alternate Path or Channel |
References (3)