CVE-2026-12116 PUBLISHED

CVE-2026-12116

Assigner: certcc
Reserved: 12.06.2026 Published: 09.07.2026 Updated: 09.07.2026

A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed.

Product Status

Vendor Xerte
Product Xerte Online Tools
Versions
  • affected from 0 to v3.15.5 (excl.)
Vendor Xerte
Product Xerte Online Tools
Versions
  • affected from 0 to 3.14.6 (excl.)

References

Problem Types

  • CWE-94: Improper Control of Generation of Code ('Code Injection')