Vulnerability Details CVE-2026-23702
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
sending malicious input injected into the server username field of the
import preconfiguration action in the API V1 route.
Exploit prediction scoring system (EPSS) score
CVSS Severity
CVSS v3 Score 8.0