CVE-2026-14261

Source
https://cve.org/CVERecord?id=CVE-2026-14261
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-14261.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-14261
Published
2026-07-09T12:37:43.523Z
Modified
2026-07-15T01:49:13.894722728Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
CVE-2026-14261
Details

A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/14xxx/CVE-2026-14261.json",
    "cna_assigner": "certcc"
}
References

Affected packages

Git / github.com/thexerteproject/xerteonlinetoolkits

Affected ranges

Type
GIT
Repo
https://github.com/thexerteproject/xerteonlinetoolkits
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.14.6"
        },
        {
            "fixed": "3.15.5"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}

Affected versions

2.*
2.0
2.1-beta
AI-v3.*
AI-v3.15
AI-v3.15-dev
AI-v3.15.1
AI-v3.15.2
AI-v3.15.3
AI-v3.15.4
X-v3.*
X-v3.7.1
X-v3.7.10
X-v3.7.11
X-v3.7.12
X-v3.7.13
X-v3.7.14
X-v3.7.14-dev
X-v3.7.2
X-v3.7.3
X-v3.7.4
X-v3.7.5
X-v3.7.6
X-v3.7.7
X-v3.7.8
X-v3.7.9
Other
git
initial
vX
v.*
v.3.11.19
v.3.12.27
v.3.12.6
v.3.13.1
v2.*
v2.0
v2.1
v2.1-beta
v3.*
v3.0-beta
v3.1
v3.10
v3.10-dev
v3.10.1
v3.10.2
v3.10.3
v3.10.4
v3.10.5
v3.11
v3.11-dev
v3.11.1
v3.11.10
v3.11.11
v3.11.12
v3.11.13
v3.11.14
v3.11.15
v3.11.16
v3.11.17
v3.11.18
v3.11.2
v3.11.20
v3.11.21
v3.11.3
v3.11.4
v3.11.5
v3.11.6
v3.11.7
v3.11.8
v3.11.9
v3.12
v3.12-dev
v3.12.1
v3.12.10
v3.12.11
v3.12.12
v3.12.13
v3.12.14
v3.12.15
v3.12.16
v3.12.17
v3.12.18
v3.12.19
v3.12.2
v3.12.20
v3.12.21
v3.12.22
v3.12.23
v3.12.24
v3.12.25
v3.12.26
v3.12.28
v3.12.29
v3.12.3
v3.12.30
v3.12.31
v3.12.32
v3.12.33
v3.12.4
v3.12.5
v3.12.6
v3.12.7
v3.12.8
v3.12.9
v3.13
v3.13-dev
v3.13.2
v3.13.3
v3.13.4
v3.13.5
v3.13.6
v3.13.7
v3.14-dev
v3.14.0
v3.14.1
v3.14.2
v3.14.3
v3.14.4
v3.14.5
v3.4
v3.4.1
v3.4.2
v3.5
v3.5.1
v3.5.2
v3.5.3
v3.5.4
v3.5.5
v3.6
v3.6.1
v3.6.2
v3.6.3
v3.6.4
v3.8
v3.8-dev
v3.8.1
v3.8.2
v3.8.3
v3.8.4
v3.8.5
v3.9
v3.9-dev

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-14261.json"