๐Ÿ” CVE Alert

CVE-2026-12116

CRITICAL 9.8

CVE-2026-12116

CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed.

Vendor xerte
Product xerte online tools
Published Jul 9, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for xerte xerte online tools

Be the first to know when new critical vulnerabilities affecting xerte xerte online tools are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Xerte / Xerte Online Tools
0 < v3.15.5
Xerte / Xerte Online Tools
0 < 3.14.6

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/thexerteproject/xerteonlinetoolkits/commit/8ef20628f80bd88bd1fe3e5844a9116a910086b7 github.com: https://github.com/thexerteproject/xerteonlinetoolkits/issues/1543 xerte.org.uk: https://www.xerte.org.uk/index.php/en/news/blog/80-news/364-xerte-3-14-and-3-15-important-security-update