CVE-2026-1958

Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a legitimate update. This issue affects KlinikaXP: before 5.39.01.01. and KlinikaXP Insertino before 3.1.0.1 Beside removing the hardcoded credentials from the code, previously exposed credentials were also rotated preventing further attack attempts.

CVSS

No CVSS.

References

Link	Resource
https://cert.pl/posts/2026/03/CVE-2026-1958
https://www.klinikaxp.pl/

Configurations

No configuration.

History

19 May 2026, 15:17

Type	Values Removed	Values Added
Summary		(es) El uso de credenciales codificadas en Klinika XP y KlinikaXP Insertino permitió a un atacante no autorizado acceder a varios servicios internos. Críticamente, esto incluía el acceso al servidor FTP que alojaba los paquetes de actualización de la aplicación. El atacante con estas credenciales podría cargar un archivo de actualización malicioso, el cual podría haber sido distribuido e instalado en máquinas cliente como una actualización legítima. Este problema afecta a KlinikaXP: antes de la 5.39.01.01. y a KlinikaXP Insertino antes de la 3.1.0.1. Además de eliminar las credenciales codificadas del código, las credenciales previamente expuestas también fueron rotadas, evitando futuros intentos de ataque.

23 Mar 2026, 13:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-23 13:16

Updated : 2026-05-19 15:17

NVD link : CVE-2026-1958

Mitre link : CVE-2026-1958

CVE.ORG link : CVE-2026-1958

JSON object : View

Products Affected

No product.

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2026-1958", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cvd@cert.pl", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-23T13:16:30.093", "references": [{"url": "https://cert.pl/posts/2026/03/CVE-2026-1958", "source": "cvd@cert.pl"}, {"url": "https://www.klinikaxp.pl/", "source": "cvd@cert.pl"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a legitimate update.\n\nThis issue affects KlinikaXP: before 5.39.01.01. and KlinikaXP Insertino before 3.1.0.1\n\nBeside removing the hardcoded credentials from the code, previously exposed credentials were also rotated preventing further attack attempts."}, {"lang": "es", "value": "El uso de credenciales codificadas en Klinika XP y KlinikaXP Insertino permiti\u00f3 a un atacante no autorizado acceder a varios servicios internos. Cr\u00edticamente, esto inclu\u00eda el acceso al servidor FTP que alojaba los paquetes de actualizaci\u00f3n de la aplicaci\u00f3n. El atacante con estas credenciales podr\u00eda cargar un archivo de actualizaci\u00f3n malicioso, el cual podr\u00eda haber sido distribuido e instalado en m\u00e1quinas cliente como una actualizaci\u00f3n leg\u00edtima.\n\nEste problema afecta a KlinikaXP: antes de la 5.39.01.01. y a KlinikaXP Insertino antes de la 3.1.0.1.\n\nAdem\u00e1s de eliminar las credenciales codificadas del c\u00f3digo, las credenciales previamente expuestas tambi\u00e9n fueron rotadas, evitando futuros intentos de ataque."}], "lastModified": "2026-05-19T15:17:37.183", "sourceIdentifier": "cvd@cert.pl"}