CVE-2026-12116
CVE-2026-12116
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed.
| Vendor | xerte |
| Product | xerte online tools |
| Published | Jul 9, 2026 |
| Last Updated | Jul 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for xerte xerte online tools
Be the first to know when new critical vulnerabilities affecting xerte xerte online tools are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Xerte / Xerte Online Tools
0 < v3.15.5
Xerte / Xerte Online Tools
0 < 3.14.6
References
github.com: https://github.com/thexerteproject/xerteonlinetoolkits/commit/8ef20628f80bd88bd1fe3e5844a9116a910086b7 github.com: https://github.com/thexerteproject/xerteonlinetoolkits/issues/1543 xerte.org.uk: https://www.xerte.org.uk/index.php/en/news/blog/80-news/364-xerte-3-14-and-3-15-important-security-update