CVE-2026-34413: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere in thexerteproject xerteonlinetoolkits
Xerte Online Toolkits versions 3. 15 and earlier have a missing authentication vulnerability in the elFinder connector endpoint. The endpoint redirects unauthenticated requests but fails to terminate execution, allowing PHP code to continue processing the request. This enables unauthenticated attackers to perform file operations such as creating, uploading, renaming, duplicating, overwriting, and deleting files within project media directories. These actions can be combined with other vulnerabilities like path traversal and extension blocklist bypasses to achieve remote code execution and arbitrary file read. The vulnerability has a high severity with a CVSS score of 8. 8. No official patch or remediation guidance is currently available from the vendor.
AI Analysis
Technical Summary
CVE-2026-34413 affects Xerte Online Toolkits up to version 3.15. The vulnerability arises because the elFinder connector endpoint at /editor/elfinder/php/connector.php performs an HTTP redirect for unauthenticated callers but does not call exit() or die(), allowing PHP execution to continue. This missing authentication check permits unauthenticated attackers to manipulate files within project media directories, including creating, uploading, renaming, duplicating, overwriting, and deleting files. When chained with path traversal and extension blocklist bypass vulnerabilities, this can lead to remote code execution and arbitrary file read. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, no user interaction, and high impact on integrity and availability.
Potential Impact
The vulnerability allows unauthenticated attackers to perform unauthorized file operations on the server hosting Xerte Online Toolkits. This can lead to remote code execution and arbitrary file read, potentially compromising the confidentiality, integrity, and availability of the affected system. The high CVSS score of 8.8 reflects the significant risk posed by this vulnerability if exploited.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to the affected endpoint and consider implementing additional access controls or web application firewall rules to block unauthenticated requests to /editor/elfinder/php/connector.php. Monitor for updates from the vendor regarding patches or official mitigations.
CVE-2026-34413: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere in thexerteproject xerteonlinetoolkits
Description
Xerte Online Toolkits versions 3. 15 and earlier have a missing authentication vulnerability in the elFinder connector endpoint. The endpoint redirects unauthenticated requests but fails to terminate execution, allowing PHP code to continue processing the request. This enables unauthenticated attackers to perform file operations such as creating, uploading, renaming, duplicating, overwriting, and deleting files within project media directories. These actions can be combined with other vulnerabilities like path traversal and extension blocklist bypasses to achieve remote code execution and arbitrary file read. The vulnerability has a high severity with a CVSS score of 8. 8. No official patch or remediation guidance is currently available from the vendor.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-34413 affects Xerte Online Toolkits up to version 3.15. The vulnerability arises because the elFinder connector endpoint at /editor/elfinder/php/connector.php performs an HTTP redirect for unauthenticated callers but does not call exit() or die(), allowing PHP execution to continue. This missing authentication check permits unauthenticated attackers to manipulate files within project media directories, including creating, uploading, renaming, duplicating, overwriting, and deleting files. When chained with path traversal and extension blocklist bypass vulnerabilities, this can lead to remote code execution and arbitrary file read. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, no user interaction, and high impact on integrity and availability.
Potential Impact
The vulnerability allows unauthenticated attackers to perform unauthorized file operations on the server hosting Xerte Online Toolkits. This can lead to remote code execution and arbitrary file read, potentially compromising the confidentiality, integrity, and availability of the affected system. The high CVSS score of 8.8 reflects the significant risk posed by this vulnerability if exploited.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to the affected endpoint and consider implementing additional access controls or web application firewall rules to block unauthenticated requests to /editor/elfinder/php/connector.php. Monitor for updates from the vendor regarding patches or official mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-03-27T15:24:06.752Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e91af419fe3cd2cde2a8ac
Added to database: 4/22/2026, 7:01:08 PM
Last enriched: 4/22/2026, 7:16:22 PM
Last updated: 4/22/2026, 8:49:03 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.