9.8
XWEB Pro version 1.12.1 and prior: Unauthenticated Program Crash
CVE-2026-20797
Summary
An error in the XWEB Pro API can allow anyone to stop the program from working. This could happen if an attacker sends a special kind of input to the API. To fix this, update to the latest version of XWEB Pro.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| copeland | xweb_300d_pro_firmware | <= 1.12.1 | – |
| copeland | xweb_500d_pro_firmware | <= 1.12.1 | – |
| copeland | xweb_500b_pro_firmware | <= 1.12.1 | – |
Original title
A stack based buffer overflow exists in an API route of XWEB Pro version
1.12.1 and prior, enabling unauthenticated attackers to cause stack
corruption and a termination of the program.
Original description
A stack based buffer overflow exists in an API route of XWEB Pro version
1.12.1 and prior, enabling unauthenticated attackers to cause stack
corruption and a termination of the program.
NVD CVSS 3.1
9.8
Vulnerability type
CWE-787
Out-of-bounds Write
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-05... Third Party Advisory
- https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate Product
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10 Third Party Advisory US Government Resource
Published: 27 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026