216.73.217.17

CVE-2026-20902

· Published 27/02/2026 01:16 · Modified 27/02/2026 23:13

Labels: CVE-2026-20902 2026-02-27CVE-2026-20902CWE-78[email protected]

Essential information

Published
27/02/2026 01:16
Modified
27/02/2026 23:13
Author
Creator
CVSS
8.0 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS metrics

Description

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the map filename field during the map upload action of the parameters route.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
copeland / xweb 300d pro firmware cpe:2.3:o:copeland:xweb_300d_pro_firmware:*:*:*:*:*:*:*:*
copeland / xweb 300d pro cpe:2.3:h:copeland:xweb_300d_pro:-:*:*:*:*:*:*:*
copeland / xweb 500d pro firmware cpe:2.3:o:copeland:xweb_500d_pro_firmware:*:*:*:*:*:*:*:*
copeland / xweb 500d pro cpe:2.3:h:copeland:xweb_500d_pro:-:*:*:*:*:*:*:*
copeland / xweb 500b pro firmware cpe:2.3:o:copeland:xweb_500b_pro_firmware:*:*:*:*:*:*:*:*
copeland / xweb 500b pro cpe:2.3:h:copeland:xweb_500b_pro:-:*:*:*:*:*:*:*

References