ГлавнаяУязвимости → CVE-2026-14261
9.1критическая

CVE-2026-14261

Описание

A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control.

CVSS
Балл9.1 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Источники
https://github.com/thexerteproject/xerteonlinetoolkits/commit/8fec6602e80c5d35903d65e65b65b794297d8e90https://github.com/thexerteproject/xerteonlinetoolkits/issues/1532https://www.xerte.org.uk/index.php/en/news/blog/80-news/364-xerte-3-14-and-3-15-important-security-update