HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2026-20742

CVSS 8.0v3.1pub. 2026-02-27

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the templates route.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Copeland Xweb 300d Pro

    HW
    Copeland
    wszystkie wersje
  • Copeland Xweb 300d Pro Firmware

    OS
    Copeland
    ≤ 1.12.1
  • Copeland Xweb 500b Pro

    HW
    Copeland
    wszystkie wersje
  • Copeland Xweb 500b Pro Firmware

    OS
    Copeland
    ≤ 1.12.1
  • Copeland Xweb 500d Pro

    HW
    Copeland
    wszystkie wersje
  • Copeland Xweb 500d Pro Firmware

    OS
    Copeland
    ≤ 1.12.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCECommand Injection
CWE
References

Related vulnerabilities

CVE-2026-24663CRITICAL9.0PL ✓ten sam produkt

Command Injection w Copeland XWEB Pro — RCE bez uwierzytelnienia

CVE-2026-21718CRITICAL10.0PL ✓ten sam produkt

Auth Bypass i RCE w Copeland XWEB Pro – firmware sterowników przemysłowych

CVE-2026-20902HIGH8.0ten sam produkt

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authentica...

CVE-2026-21389HIGH8.0ten sam produkt

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated...

CVE-2026-20910HIGH8.0ten sam produkt

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated...

CVE-2026-20742 — Copeland — Xweb 300D Pro — HIGH — CVSS 8.0 | CVEbaza.pl