CVE-2026-1958
Deferred Deferred - Pending Action
Hardcoded Credentials in KlinikaXP Enable Malicious Update Upload

Publication date: 2026-03-23

Last updated on: 2026-05-19

Assigner: CERT.PL

Description
Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a legitimate update. This issue affects KlinikaXP: before 5.39.01.01. and KlinikaXP Insertino before 3.1.0.1 Beside removing the hardcoded credentials from the code, previously exposed credentials were also rotated preventing further attack attempts.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-23
Last Modified
2026-05-19
Generated
2026-06-19
AI Q&A
2026-03-23
EPSS Evaluated
2026-06-18
NVD
CVE-2026-1958
EUVD
EUVD-2026-14411
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
bri klinikaxp to 5.39.01.01 (exc)
bri klinikaxp_insertino to 3.1.0.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-1958 is a vulnerability in the KlinikaXP and KlinikaXP Insertino software caused by the use of hard-coded credentials. These credentials allowed unauthorized attackers to access several internal services, including the FTP server that hosts the application's update packages."}, {'type': 'paragraph', 'content': 'An attacker with these credentials could upload a malicious update file, which would then be distributed and installed on client machines as if it were a legitimate update, potentially compromising those systems.'}, {'type': 'paragraph', 'content': 'The issue affects KlinikaXP versions before 5.39.01.01 and KlinikaXP Insertino versions before 3.1.0.1. Mitigation involved removing the hard-coded credentials from the code and rotating previously exposed credentials to prevent further attacks.'}] [1]

Impact Analysis

This vulnerability can lead to unauthorized access to internal services of the KlinikaXP software, including the FTP server that distributes application updates.

An attacker exploiting this vulnerability could upload malicious update files that would be installed on client machines as trusted updates, potentially compromising the security and integrity of those systems.

Such a compromise could result in unauthorized data access, system manipulation, or further malware distribution within affected environments.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate the vulnerability in KlinikaXP and KlinikaXP Insertino, you should ensure that you are running versions 5.39.01.01 or later for KlinikaXP and 3.1.0.1 or later for KlinikaXP Insertino, as these versions have removed the hard-coded credentials.

Additionally, previously exposed credentials have been rotated to prevent further unauthorized access.

Removing hard-coded credentials from the codebase and changing access credentials for internal services, especially the FTP server hosting update packages, are critical steps to prevent exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1958. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart