Medium severity4.3NVD Advisory· Published Feb 27, 2026· Updated May 10, 2026
CVE-2026-20797
CVE-2026-20797
Description
A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause stack corruption and a termination of the program.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:o:copeland:xweb_300d_pro_firmware:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:copeland:xweb_300d_pro_firmware:*:*:*:*:*:*:*:*range: <=1.12.1
- cpe:2.3:o:copeland:xweb_500d_pro_firmware:*:*:*:*:*:*:*:*range: <=1.12.1
- cpe:2.3:o:copeland:xweb_500b_pro_firmware:*:*:*:*:*:*:*:*Range: <=1.12.1
- Copeland/Copeland XWEB 300D PROv5Range: 0
- Copeland/Copeland XWEB 500B PROv5Range: 0
- Copeland/Copeland XWEB 500D PROv5Range: 0
Patches
Vulnerability mechanics
References
3- github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.jsonnvdThird Party Advisory
- www.cisa.gov/news-events/ics-advisories/icsa-26-057-10nvdThird Party AdvisoryUS Government Resource
- webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdatenvdProduct
News mentions
0No linked articles in our index yet.