Back to CVE List

CVE-2026-24663

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score
9.0 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Description

An OS command injection vulnerability exists in XWEB Pro version 1.12.1
and prior, enabling an unauthenticated attacker to achieve remote code
execution on the system by sending a crafted request to the libraries
installation route and injecting malicious input into the request body.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-78
Source
NVD
Vendor
Copeland
Product
Copeland XWEB 300D PRO, Copeland XWEB 500D PRO, Copeland XWEB 500B PRO

External References

Discussion (0)

Add Comment

No comments yet. Be the first!