VYPR
Unrated severityNVD Advisory· Published Feb 27, 2026· Updated Mar 2, 2026

Copeland XWEB and XWEB Pro OS Command Injection

CVE-2026-24663

Description

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an unauthenticated attacker to achieve remote code execution on the system by sending a crafted request to the libraries installation route and injecting malicious input into the request body.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Copeland/Copeland XWEB 300D PROv5
    Range: 0
  • Copeland/Copeland XWEB 500B PROv5
    Range: 0
  • Copeland/Copeland XWEB 500D PROv5
    Range: 0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.