CVE-2026-14261 PUBLISHED

CVE-2026-14261

Assigner: certcc
Reserved: 30.06.2026 Published: 09.07.2026 Updated: 09.07.2026

A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control.

Product Status

Vendor Xerte
Product Xerte Online Tools
Versions
  • affected from 0 to 3.14.6 (excl.)
Vendor Xerte
Product Xerte Online Tools
Versions
  • affected from 0 to 3.15.5 (excl.)

References

Problem Types

  • CWE-288: Authentication Bypass Using an Alternate Path or Channel