Description
Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a legitimate update.

This issue affects KlinikaXP before 5.39.01.01 and KlinikaXP Insertino before 3.1.0.1.

Besides removing the hardcoded credentials from the code, the previously exposed credentials were also rotated, preventing further attack attempts.
Published: 2026-03-23
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized access leading to malicious update deployment
Action: Apply Patch
AI Analysis

Impact

The vulnerability arises from hard‑coded credentials embedded in KlinikaXP and KlinikaXP Insertino. These credentials grant an attacker unauthorised access to multiple internal services, notably the FTP server that stores the application’s update packages. An attacker who obtains these credentials can upload a malicious update file to that FTP server. If clients download and install the compromised update, the attacker effectively injects malicious code into all affected systems, compromising confidentiality, integrity, and availability.

Affected Systems

The affected products are BRI’s KlinikaXP and KlinikaXP Insertino. Versions prior to 5.39.01.01 of KlinikaXP and prior to 3.1.0.1 of KlinikaXP Insertino are vulnerable. All later releases contain remediation that removes the hard‑coded credentials and rotates any exposed passwords.

Risk and Exploitability

The CVSS score of 8.7 classifies this as a high‑severity issue. EPSS data are currently unavailable, and the vulnerability is not listed in the CISA KEV catalog. The likely attack path involves the attacker gaining network or local access to the internal services and then using the hard‑coded credentials to authenticate to the FTP server. Once authenticated, the attacker can upload a malicious update, which clients may inadvertently install. This scenario offers a straightforward exploitation route with severe potential impact, especially if the update mechanism lacks integrity checks.

Generated by OpenCVE AI on March 23, 2026 at 15:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade KlinikaXP to version 5.39.01.01 or later and KlinikaXP Insertino to version 3.1.0.1 or later to remove the hard‑coded credentials
  • If immediate upgrade is not possible, rotate any passwords that were previously exposed by the hard‑coded credentials
  • Restrict access to the internal FTP service to trusted hosts only and enforce authentication
  • Verify the integrity of all update files before deployment and consider implementing code signing
  • Monitor the FTP server for any unauthorized upload activity
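The last two recommended actions (restricting who may write to the update-hosting FTP server and watching it for unauthorized uploads) can be backed with a simple log audit. The following is an added Python example, not OpenCVE's or BRI's code: it parses constructed vsftpd-style transfer-log lines and flags writes into the update directory that do not come from the assumed publisher account and network, as well as successful logins from outside the assumed internal address range. The account names, directory and address ranges are assumptions for the example, not values from the advisory.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical policy for the update-hosting FTP server. Account names,
# directory and address ranges are assumptions for this example.
UPDATE_DIR = "/updates/"
PUBLISHER_ACCOUNTS = {"release"}                         # only account allowed to publish updates
PUBLISHER_HOSTS = [ipaddress.ip_network("10.0.5.0/24")]  # build/release network
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]     # where client installs live

# Constructed vsftpd-style transfer-log lines; not real logs from any deployment.
# "updatesvc" stands for the read-only account that clients use to fetch updates.
SAMPLE_LOG = """\
Mon Mar 23 09:58:12 2026 [pid 4311] [release] OK LOGIN: Client "10.0.5.20"
Mon Mar 23 09:58:40 2026 [pid 4311] [release] OK UPLOAD: Client "10.0.5.20", "/updates/klinikaxp-setup.exe", 1830221 bytes, 2048.00Kbyte/sec
Mon Mar 23 11:02:03 2026 [pid 4520] [updatesvc] OK LOGIN: Client "203.0.113.77"
Mon Mar 23 11:02:31 2026 [pid 4520] [updatesvc] OK UPLOAD: Client "203.0.113.77", "/updates/klinikaxp-setup.exe", 1822000 bytes, 900.00Kbyte/sec
Mon Mar 23 11:15:00 2026 [pid 4601] [updatesvc] OK DOWNLOAD: Client "10.0.8.15", "/updates/klinikaxp-setup.exe", 1822000 bytes, 4096.00Kbyte/sec
Mon Mar 23 12:40:10 2026 [pid 4702] [release] OK UPLOAD: Client "10.0.5.20", "/updates/release-notes.txt", 812 bytes, 10.00Kbyte/sec
"""

# vsftpd xferlog-style line: timestamp, pid, [user], STATUS ACTION: Client "ip"[, "path", ...]
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ [\d:]+ \d{4}) \[pid \d+\] \[(?P<user>[^\]]+)\] '
    r'(?P<status>OK|FAIL) (?P<action>LOGIN|UPLOAD|DOWNLOAD|DELETE): '
    r'Client "(?P<ip>[^"]+)"(?:, "(?P<path>[^"]+)")?'
)


@dataclass
class Finding:
    rule: str
    user: str
    ip: str
    path: Optional[str]
    line: str


def _in_any(ip: str, nets) -> bool:
    """True if ip falls inside any of the given networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)


def audit_ftp_log(text: str) -> List[Finding]:
    """Return policy violations found in vsftpd-style log text."""
    findings: List[Finding] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "OK":
            continue  # unparsable lines and failed operations are out of scope here
        user, ip, action, path = m["user"], m["ip"], m["action"], m["path"]
        # Rule 1: a successful login from outside the internal network is suspect,
        # whichever account it used.
        if action == "LOGIN" and not _in_any(ip, INTERNAL_NETS):
            findings.append(Finding("external-login", user, ip, None, line))
        # Rule 2: anything written into the update directory must come from a
        # publisher account on a publisher host; any other writer is flagged.
        if action in ("UPLOAD", "DELETE") and path and path.startswith(UPDATE_DIR):
            if user not in PUBLISHER_ACCOUNTS or not _in_any(ip, PUBLISHER_HOSTS):
                findings.append(Finding("unauthorized-update-write", user, ip, path, line))
    return findings


if __name__ == "__main__":
    for f in audit_ftp_log(SAMPLE_LOG):
        print(f"{f.rule}: user={f.user} ip={f.ip} path={f.path}")
```

On the constructed sample this reports two findings: the external login by the client-side account and the subsequent overwrite of the update package by that same account. Pointing the function at the real log and feeding its output to an alerting pipeline gives the monitoring the advisory recommends; the publisher allowlist is also the natural place to encode the access restriction from the previous action.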



Advisories

No advisories yet.

History

Tue, 24 Mar 2026 10:45:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Bri
                                       Bri klinikaxp
                                       Bri klinikaxp Insertino
Vendors & Products                     Bri
                                       Bri klinikaxp
                                       Bri klinikaxp Insertino

Mon, 23 Mar 2026 16:15:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc
                           {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 13:00:00 +0000

Type          Values Removed   Values Added
Description                    Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a legitimate update. This issue affects KlinikaXP: before 5.39.01.01. and KlinikaXP Insertino before 3.1.0.1 Beside removing the hardcoded credentials from the code, previously exposed credentials were also rotated preventing further attack attempts.
Title                          Hard-coded passwords in KlinikaXP
Weaknesses                     CWE-798
References
Metrics                        cvssV4_0
                               {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-03-23T15:51:31.644Z

Reserved: 2026-02-05T10:05:53.336Z

Link: CVE-2026-1958

Vulnrichment

Updated: 2026-03-23T15:17:47.221Z

NVD

Status : Awaiting Analysis

Published: 2026-03-23T13:16:30.093

Modified: 2026-03-23T14:31:37.267

Link: CVE-2026-1958

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:49:09Z

Weaknesses