Home
» Risk & Exploitation
» Daily threat intelligence
» Feb 26, 2026
Feb 26, 2026 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2026-21718
Copeland Xweb 300d Pro Firmware Code Execution
CVSS 10
Remote code execution exposure
New critical Copeland Xweb 300d Pro Firmware Code Execution (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.
High-risk exposure
New critical-severity CVE in today's window — elevated exposure signal, early in the lifecycle.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulat...
An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authent...
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an unauthenticated attacker to achieve remote...
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulat...
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulat...
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulat...
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulat...
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulat...
hoppscotch is an open source API development ecosystem.
In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --comp...
View critical disclosures
cvelogic
Threat Intelligence