Free practical cybersecurity guidance for organisations without a security team.
hello@actionsoncyber.com
← Back to Vulnerability Briefs

Critical Security Flaw Found in Xerte Online Toolkits Could Let Hackers Take Control

A serious security weakness has been found in Xerte Online Toolkits, a tool used to create online learning materials. This flaw lets attackers upload harmful files without logging in, potentially allowing them to take control of the website hosting the tool. This matters because it could lead to data theft or damage to your website.

07 June 2026

Reference: CVE-2026-32985

1. What is being reported?

The report explains that versions 3.14 and earlier of Xerte Online Toolkits have a problem in their template import feature. Attackers can upload a specially made ZIP file containing harmful code that the system then places in a part of the website that anyone can access and run. This means hackers can run commands on the web server without needing a password.

2. What this means in plain English

For a small organisation using Xerte Online Toolkits, this means that if your version is outdated, someone could take over your website or server remotely. This could lead to loss of control over your data, website defacement, or further attacks on your network.

3. Could this affect a small business?

Only organisations using Xerte Online Toolkits version 3.14 or earlier are at risk. If you do not use this software, or if your software is updated beyond this version, you are likely not affected.

4. What to do now

  • Check if your organisation uses Xerte Online Toolkits and identify the version number.
  • If you use version 3.14 or earlier, contact your software supplier or IT provider immediately to arrange an update or patch.
  • Restrict access to the template import feature until the vulnerability is fixed.
  • Monitor your website and server logs for any unusual activity and report concerns to your IT provider.

5. Ask your IT provider

Can you confirm if our Xerte Online Toolkits installation is version 3.14 or earlier, and if so, can you apply the necessary updates or patches to fix the critical security vulnerability CVE-2026-32985?

6. Bottom line

If you use Xerte Online Toolkits, update it now to prevent hackers from taking control of your website.

Information based on CISA KEV, NVD and reputable security reporting.

Back to Vulnerability Briefs