PatchSiren cyber security CVE debrief
CVE-2026-21718 Copeland CVE debrief
CVE-2026-21718 is a critical authentication bypass in Copeland XWEB Pro that affects version 1.12.1 and earlier. CISA says the flaw can let an attacker bypass authentication and reach pre-authenticated code execution, making exposed systems high priority for immediate remediation.
- Vendor
- Copeland
- Product
- XWEB 300D PRO
- CVSS
- CRITICAL 10
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-26
- Original CVE updated
- 2026-02-26
- Advisory published
- 2026-02-26
- Advisory updated
- 2026-02-26
Who should care
OT/ICS operators, facilities teams, and security administrators running Copeland XWEB Pro deployments, especially XWEB 300D PRO, XWEB 500D PRO, and XWEB 500B PRO instances that may be reachable from untrusted networks.
Technical summary
According to the CISA CSAF advisory, the issue is an authentication bypass in Copeland XWEB Pro version 1.12.1 and prior. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, which aligns with a network-reachable, unauthenticated path to severe confidentiality, integrity, and availability impact. CISA’s description states that attackers can bypass the authentication requirement and achieve pre-authenticated code execution on the system.
Defensive priority
Immediate. This is a critical, unauthenticated network-facing issue with full impact potential, so affected environments should be treated as urgent remediation candidates.
Recommended defensive actions
- Update Copeland XWEB Pro to the latest version using the Copeland software update page referenced in the advisory.
- If an authenticated XWEB Pro session has internet access, use SYSTEM -- Updates | Network to update directly from Copeland servers.
- Inventory all XWEB Pro deployments and confirm whether XWEB 300D PRO, XWEB 500D PRO, or XWEB 500B PRO systems are present.
- Restrict network exposure to XWEB Pro management interfaces until patched, especially from untrusted or non-administrative networks.
- Review logs and alerts for unexpected authentication bypass attempts or unusual administrative activity on affected systems.
Evidence notes
Source basis is the CISA CSAF advisory ICSA-26-057-10, published 2026-02-26 and revised the same day. The advisory explicitly states: "An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement and achieve pre-authenticated code execution on the system." It also includes SSVCv2/E:N/A:Y/2026-02-25T07:00:00.000000Z and a CVSS 3.1 vector of AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.
Official resources
-
CVE-2026-21718 CVE record
CVE.org
-
CVE-2026-21718 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed by CISA in ICSA-26-057-10 on 2026-02-26; the supplied advisory shows the same publication and modification timestamp. No KEV listing is supplied in the corpus.