CVE-2026-25037 – Copeland XWEB and XWEB Pro OS Command Injection

CVE ID : CVE-2026-25037

Published : Feb. 27, 2026, 2:16 a.m. | 55 minutes ago

Description : An OS command injection

vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
configuring a maliciously crafted LCD state which is later processed
during system setup, enabling remote code execution.

Severity: 8.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…