20 June 2026
Reference: CVE-2026-34413
1. What is being reported?
The problem is with a part of Xerte Online Toolkits that handles file management. Because of a coding mistake, unauthorised users can bypass security checks and perform actions like uploading, renaming, or deleting files on the server. This could even allow hackers to run harmful code remotely.
2. What this means in plain English
If your organisation uses this software, attackers might be able to change or delete your project files or worse, take control of your system. This could disrupt your services or expose sensitive information.
3. Could this affect a small business?
Small organisations using Xerte Online Toolkits version 3.15 or earlier could be at risk. If you do not use this software, or use a newer, updated version, you are unlikely to be affected.
4. What to do now
- Check if you use Xerte Online Toolkits and identify the version.
- If you use version 3.15 or earlier, contact your software provider about updates or patches.
- Restrict access to the software’s file management features until the issue is fixed.
- Ask your IT provider to review your system for any signs of unauthorised access.
5. Ask your IT provider
Can you confirm if our Xerte Online Toolkits installation is affected by CVE-2026-34413, and what steps are being taken to secure it?
6. Bottom line
If you use Xerte Online Toolkits, act quickly to update or secure it to prevent serious file access risks.
Information based on CISA KEV, NVD, and reputable security reporting.