{"id":78124,"date":"2026-02-27T05:46:20","date_gmt":"2026-02-27T02:16:20","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-3037-copeland-xweb-and-xweb-pro-os-command-injection\/"},"modified":"2026-02-27T05:46:20","modified_gmt":"2026-02-27T02:16:20","slug":"cve-2026-3037-copeland-xweb-and-xweb-pro-os-command-injection","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-3037-copeland-xweb-and-xweb-pro-os-command-injection\/","title":{"rendered":"CVE-2026-3037 &#8211; Copeland XWEB and XWEB Pro OS Command Injection"},"content":{"rendered":"<p>CVE ID : CVE-2026-3037<\/p>\n<p>Published :  Feb. 27, 2026, 2:16 a.m. | 55\u00a0minutes ago<\/p>\n<p>Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1<br \/>\nand prior, enabling an authenticated attacker to achieve remote code<br \/>\nexecution on the system by modifying malicious input injected into the<br \/>\nMBird SMS service URL and\/or code via the utility route which is later<br \/>\nprocessed during system setup, leading to remote code execution.<\/p>\n<p>Severity: 8.0 | HIGH<\/p>\n<p>Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2026-3037 Published : Feb. 27, 2026, 2:16 a.m. | 55\u00a0minutes ago Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and\/or code via &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-78124","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/78124","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=78124"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/78124\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=78124"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=78124"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=78124"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}