CVE-2026-1958

UNKNOWN 0.0

Hard-coded passwords in KlinikaXP

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a legitimate update. This issue affects KlinikaXP: before 5.39.01.01. and KlinikaXP Insertino before 3.1.0.1 Beside removing the hardcoded credentials from the code, previously exposed credentials were also rotated preventing further attack attempts.

CWE	CWE-798
Vendor	bri
Product	klinikaxp insertino
Published	Mar 23, 2026
Last Updated	Mar 23, 2026

Stay Ahead of the Next One

Get instant alerts for bri klinikaxp insertino

Be the first to know when new unknown vulnerabilities affecting bri klinikaxp insertino are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

BRI / KlinikaXP Insertino

0 < 3.1.0.1

BRI / KlinikaXP

0 < 5.39.01.01

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cert.pl: https://cert.pl/posts/2026/03/CVE-2026-1958 klinikaxp.pl: https://www.klinikaxp.pl/

Credits

Wojciech Giełda