Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.1
XWEB Pro: Unauthenticated Access to Sensitive System Files
CVE-2026-22877
Summary
An attacker can read confidential files on your system without a password, which could lead to sensitive information being exposed. This is a serious issue because it allows unauthorized access to your system. If you use XWEB Pro, update to the latest version to fix this vulnerability.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| copeland | xweb_300d_pro_firmware | <= 1.12.1 | – |
| copeland | xweb_500d_pro_firmware | <= 1.12.1 | – |
| copeland | xweb_500b_pro_firmware | <= 1.12.1 | – |
Original title
An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1
and prior, enabling unauthenticated attackers to read arbitrary files on
the system, and potentially causing a denial-of-ser...
Original description
An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1
and prior, enabling unauthenticated attackers to read arbitrary files on
the system, and potentially causing a denial-of-service attack.
and prior, enabling unauthenticated attackers to read arbitrary files on
the system, and potentially causing a denial-of-service attack.
nvd CVSS3.1
9.1
Vulnerability type
CWE-22
Path Traversal
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-05... Third Party Advisory
- https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate Product
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10 Third Party Advisory US Government Resource
Published: 27 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026