Unrated severityNVD Advisory· Published Feb 27, 2026· Updated Mar 2, 2026
Copeland XWEB and XWEB Pro OS Command Injection
CVE-2026-24663
Description
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an unauthenticated attacker to achieve remote code execution on the system by sending a crafted request to the libraries installation route and injecting malicious input into the request body.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Copeland/Copeland XWEB 300D PROv5Range: 0
- Copeland/Copeland XWEB 500B PROv5Range: 0
- Copeland/Copeland XWEB 500D PROv5Range: 0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.