PT-2026-27121 · Unknown+1 · Klinikaxp Insertino+1

Wojciech Giełda · Published 2026-03-23 · Updated 2026-03-23 · CVE-2026-1958

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

KlinikaXP versions prior to 5.39.01.01
KlinikaXP Insertino versions prior to 3.1.0.1

Description

The use of hard-coded credentials in KlinikaXP and KlinikaXP Insertino allowed an unauthorized attacker to access internal services, including the FTP server hosting application updates. An attacker could upload a malicious update file, which could then be distributed to and installed on client machines as a legitimate update.

Recommendations

Update KlinikaXP to version 5.39.01.01 or later.
Update KlinikaXP Insertino to version 3.1.0.1 or later.
Rotate previously exposed credentials.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2026-1958

Affected Products

Klinikaxp
Klinikaxp Insertino