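This page aggregates CVE and security vulnerability information across Copeland-related products and lists CVSS, EPSS, publication dates, and vulnerability data.
The published issues are often related to path-handling flaws, buffer overflows, and memory corruption, and in the context of production workloads and software deployment they may carry exposure risks such as application crashes and memory corruption.
The listed data is based on public vulnerability information and security advisories, and can be used to assess historical exposure and remediation priority.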
| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-3037 | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed during system setup, leading to remote code execution. | [email protected] | 8.0 | 1.93% | 2026-02-26 | 2026-06-17 |
| CVE-2026-25721 | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route. | [email protected] | 8.0 | 1.90% | 2026-02-26 | 2026-06-17 |
| CVE-2026-25196 | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields, leading to remote code execution when the configuration is processed. | [email protected] | 8.0 | 1.90% | 2026-02-26 | 2026-06-17 |
| CVE-2026-25105 | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route. | [email protected] | 8.0 | 1.90% | 2026-02-26 | 2026-06-17 |
| CVE-2026-25037 | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously crafted LCD state which is later processed during system setup, enabling remote code execution. | [email protected] | 8.0 | 1.90% | 2026-02-26 | 2026-06-17 |
| CVE-2026-24452 | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted template file to the devices route. | [email protected] | 8.0 | 1.90% | 2026-02-26 | 2026-06-17 |
| CVE-2026-23702 | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by sending malicious input injected into the server username field of the import preconfiguration action in the API V1 route. | [email protected] | 8.0 | 1.90% | 2026-02-26 | 2026-06-17 |
| CVE-2026-22877 | An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack. | [email protected] | 3.7 | 0.55% | 2026-02-26 | 2026-06-17 |
| CVE-2026-20797 | A stack-based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause stack corruption and a termination of the program. | [email protected] | 4.3 | 0.78% | 2026-02-26 | 2026-06-17 |
| CVE-2026-20764 | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by providing malicious input via the device hostname configuration which is later processed during system setup, resulting in remote code execution. | [email protected] | 8.0 | 1.93% | 2026-02-26 | 2026-06-17 |
| CVE-2026-25195 | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted firmware update file via the firmware update route. | [email protected] | 8.0 | 1.45% | 2026-02-26 | 2026-06-17 |
| CVE-2026-25111 | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the restore route. | [email protected] | 8.0 | 1.52% | 2026-02-26 | 2026-06-17 |
| CVE-2026-25109 | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route. | [email protected] | 8.0 | 1.52% | 2026-02-26 | 2026-06-17 |
| CVE-2026-25085 | A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on processed as a legitimate value, resulting in an authentication bypass. | [email protected] | 8.6 | 0.46% | 2026-02-26 | 2026-06-17 |
| CVE-2026-24695 | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into OpenSSL argument fields within requests sent to the utility route, leading to remote code execution. | [email protected] | 8.0 | 1.52% | 2026-02-26 | 2026-06-17 |
| CVE-2026-24689 | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update apply action. | [email protected] | 8.0 | 1.52% | 2026-02-26 | 2026-06-17 |
| CVE-2026-24663 | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an unauthenticated attacker to achieve remote code execution on the system by sending a crafted request to the libraries installation route and injecting malicious input into the request body. | [email protected] | 9.0 | 2.27% | 2026-02-26 | 2026-06-17 |
| CVE-2026-24517 | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the firmware update route. | [email protected] | 8.0 | 1.59% | 2026-02-26 | 2026-06-17 |
| CVE-2026-21718 | An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement and achieve pre-authenticated code execution on the system. | [email protected] | 10.0 | 0.43% | 2026-02-26 | 2026-06-17 |
| CVE-2026-21389 | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the request body sent to the contacts import route. | [email protected] | 8.0 | 1.49% | 2026-02-26 | 2026-06-17 |