CVE-2026-14261
CVE-2026-14261
CVSS Score
9.1
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control.
| Vendor | xerte |
| Product | xerte online tools |
| Published | Jul 9, 2026 |
| Last Updated | Jul 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for xerte xerte online tools
Be the first to know when new critical vulnerabilities affecting xerte xerte online tools are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Xerte / Xerte Online Tools
0 < 3.14.6
Xerte / Xerte Online Tools
0 < 3.15.5
References
github.com: https://github.com/thexerteproject/xerteonlinetoolkits/issues/1532 github.com: https://github.com/thexerteproject/xerteonlinetoolkits/commit/8fec6602e80c5d35903d65e65b65b794297d8e90 xerte.org.uk: https://www.xerte.org.uk/index.php/en/news/blog/80-news/364-xerte-3-14-and-3-15-important-security-update