CVE-2026-24663
CRITICAL SEVERITYCVSS Score & Metrics
Base Score
9.0 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Description
An OS command injection vulnerability exists in XWEB Pro version 1.12.1
and prior, enabling an unauthenticated attacker to achieve remote code
execution on the system by sending a crafted request to the libraries
installation route and injecting malicious input into the request body.
and prior, enabling an unauthenticated attacker to achieve remote code
execution on the system by sending a crafted request to the libraries
installation route and injecting malicious input into the request body.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-78
Source
NVD
Vendor
Copeland
Product
Copeland XWEB 300D PRO, Copeland XWEB 500D PRO, Copeland XWEB 500B PRO
Discussion (0)
Add Comment
No comments yet. Be the first!