{"id":78112,"date":"2026-02-27T04:19:44","date_gmt":"2026-02-27T00:49:44","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-20902-copeland-xweb-and-xweb-pro-os-command-injection\/"},"modified":"2026-02-27T04:19:44","modified_gmt":"2026-02-27T00:49:44","slug":"cve-2026-20902-copeland-xweb-and-xweb-pro-os-command-injection","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-20902-copeland-xweb-and-xweb-pro-os-command-injection\/","title":{"rendered":"CVE-2026-20902 – Copeland XWEB and XWEB Pro OS Command Injection"},"content":{"rendered":"

CVE ID : CVE-2026-20902<\/p>\n

Published : Feb. 27, 2026, 12:49 a.m. | 21\u00a0minutes ago<\/p>\n

Description : An OS command injection <\/p>\n

vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
\nauthenticated attacker to achieve remote code execution on the system by
\n injecting malicious input into the map filename field during the map
\nupload action of the parameters route.<\/p>\n

Severity: 8.0 | HIGH<\/p>\n

Visit the link for more details, such as CVSS details, affected products, timeline, and more…\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"

CVE ID : CVE-2026-20902 Published : Feb. 27, 2026, 12:49 a.m. | 21\u00a0minutes ago Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the map filename field during the map upload action …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-78112","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/78112","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=78112"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/78112\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=78112"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=78112"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=78112"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}