CVE-2026-1958

Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a legitimate update. This issue affects KlinikaXP: before 5.39.01.01. and KlinikaXP Insertino before 3.1.0.1 Beside removing the hardcoded credentials from the code, previously exposed credentials were also rotated preventing further attack attempts.

CVSS

No CVSS.

References

Link	Resource
https://cert.pl/posts/2026/03/CVE-2026-1958
https://www.klinikaxp.pl/

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-23 13:16

Updated : 2026-03-23 14:31

NVD link : CVE-2026-1958

Mitre link : CVE-2026-1958

CVE.ORG link : CVE-2026-1958

JSON object : View

Products Affected

No product.

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2026-1958", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cvd@cert.pl", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-23T13:16:30.093", "references": [{"url": "https://cert.pl/posts/2026/03/CVE-2026-1958", "source": "cvd@cert.pl"}, {"url": "https://www.klinikaxp.pl/", "source": "cvd@cert.pl"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a legitimate update.\n\nThis issue affects KlinikaXP: before 5.39.01.01. and KlinikaXP Insertino before 3.1.0.1\n\nBeside removing the hardcoded credentials from the code, previously exposed credentials were also rotated preventing further attack attempts."}, {"lang": "es", "value": "El uso de credenciales codificadas en Klinika XP y KlinikaXP Insertino permiti\u00f3 a un atacante no autorizado acceder a varios servicios internos. Cr\u00edticamente, esto inclu\u00eda el acceso al servidor FTP que alojaba los paquetes de actualizaci\u00f3n de la aplicaci\u00f3n. El atacante con estas credenciales podr\u00eda cargar un archivo de actualizaci\u00f3n malicioso, el cual podr\u00eda haber sido distribuido e instalado en m\u00e1quinas cliente como una actualizaci\u00f3n leg\u00edtima.\n\nEste problema afecta a KlinikaXP: antes de la 5.39.01.01. y a KlinikaXP Insertino antes de la 3.1.0.1.\n\nAdem\u00e1s de eliminar las credenciales codificadas del c\u00f3digo, las credenciales previamente expuestas tambi\u00e9n fueron rotadas, evitando futuros intentos de ataque."}], "lastModified": "2026-03-23T14:31:37.267", "sourceIdentifier": "cvd@cert.pl"}