Description

Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a legitimate update. This issue affects KlinikaXP: before 5.39.01.01. and KlinikaXP Insertino before 3.1.0.1 Beside removing the hardcoded credentials from the code, previously exposed credentials were also rotated preventing further attack attempts.

INFO

Published Date :

2026-03-23T12:40:12.895Z

Last Modified :

2026-03-23T15:51:31.644Z

Source :

CERT-PL
AFFECTED PRODUCTS

The following products are affected by CVE-2026-1958 vulnerability.

Vendors Products
Bri
  • Klinikaxp
  • Klinikaxp Insertino
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-1958.

URL Resource
https://cert.pl/posts/2026/03/CVE-2026-1958 cve-icon cve-icon
https://www.klinikaxp.pl/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability