CVE-2026-25195 – Copeland XWEB and XWEB Pro OS Command Injection

CVE ID : CVE-2026-25195

Published : Feb. 27, 2026, 12:45 a.m. | 26 minutes ago

Description : An OS command injection

vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
supplying a crafted firmware update file via the firmware update route.

Severity: 8.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-3281 – libvips bandrank.c vips_bandrank_build heap-based overflow

CVE-2026-3275 – Tenda F453 httpd addressNat fromAddressNat buffer overflow

CVE-2026-3274 – Tenda F453 httpd L7Prot frmL7ProtForm buffer overflow

CVE-2026-3037 – Copeland XWEB and XWEB Pro OS Command Injection