CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-24663

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an unauthenticated attacker to achieve remote code execution on the system by sending a crafted request to the libraries installation route and injecting malicious input into the request body.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.019

EPSS Ranking 83.0%

CVSS Severity

CVSS v3 Score 9.0

References

Products affected by CVE-2026-24663

Copeland » Xweb 300d Pro » Version: N/A

cpe:2.3:h:copeland:xweb_300d_pro:-
Copeland » Xweb 500b Pro » Version: N/A

cpe:2.3:h:copeland:xweb_500b_pro:-
Copeland » Xweb 500d Pro » Version: N/A

cpe:2.3:h:copeland:xweb_500d_pro:-
Copeland » Xweb 300d Pro Firmware » Version: Any

cpe:2.3:o:copeland:xweb_300d_pro_firmware:*
Copeland » Xweb 500b Pro Firmware » Version: Any

cpe:2.3:o:copeland:xweb_500b_pro_firmware:*
Copeland » Xweb 500d Pro Firmware » Version: Any

cpe:2.3:o:copeland:xweb_500d_pro_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-24663

Products

Pricing

Contact Us