PatchSiren

Copeland CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Copeland CVE published 2026-02-26

CVE-2026-3037

CVE-2026-3037 is an authenticated OS command injection issue in Copeland XWEB Pro. According to CISA’s advisory, malicious input placed into the MBird SMS service URL and/or code via a utility route can be processed during system setup and lead to remote code execution. The vendor has provided a fix and recommends updating to the latest version.

HIGH Copeland CVE published 2026-02-26

CVE-2026-25721

CVE-2026-25721 is an authenticated OS command injection issue in Copeland XWEB Pro version 1.12.1 and earlier. According to the CISA advisory, malicious input in the server username and/or password fields of the restore action in the API V1 route can lead to remote code execution on the system. The advisory references CWE-78 (OS Command Injection) and assigns a CVSS v3.1 vector of AV:N/AC:H/PR:H/UI:N/S:C/ [truncated]

HIGH Copeland CVE published 2026-02-26

CVE-2026-25196

CVE-2026-25196 is an OS command injection vulnerability in Copeland XWEB Pro version 1.12.1 and earlier. CISA’s advisory published on 2026-02-26 says an authenticated attacker can inject malicious input into the Wi‑Fi SSID and/or password fields and trigger remote code execution when the configuration is processed. The issue is rated CVSS 8.0 (HIGH) and is most important for OT/industrial environments run [truncated]

HIGH Copeland CVE published 2026-02-26

CVE-2026-25195

CVE-2026-25195 describes an authenticated OS command injection issue in Copeland XWEB Pro 1.12.1 and earlier. According to the CISA advisory, a crafted firmware update file submitted through the firmware update route can allow an attacker to achieve remote code execution on the system. Copeland states a fix is available and recommends updating XWEB Pro to the latest version.

HIGH Copeland CVE published 2026-02-26

CVE-2026-25111

CVE-2026-25111 is an authenticated OS command injection issue in Copeland XWEB Pro version 1.12.1 and earlier. According to the CISA advisory, malicious input sent to the restore route can allow remote code execution on the affected system. Copeland says a fix is available and recommends updating XWEB Pro to the latest version.

HIGH Copeland CVE published 2026-02-26

CVE-2026-25109

CVE-2026-25109 is a high-severity OS command injection issue reported in XWEB Pro version 1.12.1 and earlier. According to the CISA CSAF advisory published on 2026-02-26, an authenticated attacker can inject malicious input into the devices field while accessing the get setup route and achieve remote code execution on the system. The advisory says a fix is available and recommends updating to the latest version.

HIGH Copeland CVE published 2026-02-26

CVE-2026-25105

CVE-2026-25105 is a high-severity OS command injection vulnerability in Copeland XWEB Pro. According to CISA’s advisory, an authenticated attacker can inject malicious input into parameters of the Modbus command tool in the debug route and reach remote code execution on the system. Copeland indicates a fix is available and recommends upgrading affected XWEB Pro systems without delay.

HIGH Copeland CVE published 2026-02-26

CVE-2026-25085

CVE-2026-25085 is a high-severity authentication bypass in Copeland XWEB Pro version 1.12.1 and earlier. The issue occurs when an unexpected return value from the authentication routine is later treated as legitimate, allowing access without proper authentication. CISA published the advisory on 2026-02-26 and provided vendor remediation guidance to update affected XWEB Pro installations.

HIGH Copeland CVE published 2026-02-26

CVE-2026-25037

CVE-2026-25037 is a high-severity authenticated OS command injection issue in Copeland XWEB Pro. According to CISA’s advisory, a maliciously crafted LCD state can be configured and later processed during system setup, enabling remote code execution on the device. The advisory was published on 2026-02-26 and lists XWEB Pro version 1.12.1 and prior as affected.

HIGH Copeland CVE published 2026-02-26

CVE-2026-24695

CVE-2026-24695 is a high-severity command injection flaw in Copeland XWEB Pro that can let an authenticated attacker reach remote code execution on affected systems. CISA’s advisory says the issue exists in XWEB Pro version 1.12.1 and earlier and is triggered through malicious input placed into OpenSSL argument fields in requests sent to the utility route.

HIGH Copeland CVE published 2026-02-26

CVE-2026-24689

CVE-2026-24689 is an authenticated OS command injection vulnerability in Copeland XWEB Pro version 1.12.1 and earlier. According to the CISA CSAF advisory, malicious input in the devices field of the firmware update apply action can lead to remote code execution on the system. The advisory was published on 2026-02-26 and rates the issue as high severity.

CRITICAL Copeland CVE published 2026-02-26

CVE-2026-24663

CVE-2026-24663 is a critical OS command injection issue in Copeland XWEB Pro version 1.12.1 and earlier. CISA says an unauthenticated attacker can send a crafted request to the libraries installation route and inject malicious input into the request body, potentially achieving remote code execution on the system.

HIGH Copeland CVE published 2026-02-26

CVE-2026-24517

CVE-2026-24517 is a high-severity authenticated OS command injection vulnerability in Copeland XWEB Pro 1.12.1 and earlier. According to the CISA advisory published on 2026-02-26, malicious input sent to the firmware update route can let an authenticated attacker reach remote code execution on the device.

HIGH Copeland CVE published 2026-02-26

CVE-2026-24452

CVE-2026-24452 affects Copeland XWEB Pro 1.12.1 and earlier and can let an authenticated attacker reach remote code execution by submitting a crafted template file through the devices route. The advisory was published by CISA on 2026-02-26 and includes a fix from Copeland; affected operators should prioritize updating exposed or internet-connected deployments.

HIGH Copeland CVE published 2026-02-26

CVE-2026-23702

CVE-2026-23702 describes an authenticated OS command injection in Copeland XWEB Pro version 1.12.1 and earlier. The advisory says malicious input in the server username field of the import preconfiguration action in the API V1 route can lead to remote code execution on the system. This is a high-priority issue for operators of affected XWEB Pro deployments, especially in OT/ICS environments.

LOW Copeland CVE published 2026-02-26

CVE-2026-22877

CVE-2026-22877 is an unauthenticated, network-reachable arbitrary file-read vulnerability in Copeland XWEB Pro version 1.12.1 and earlier. The advisory says affected systems may expose arbitrary local files and could also be driven into a denial-of-service condition, so this is primarily a confidentiality exposure with some operational risk.

CRITICAL Copeland CVE published 2026-02-26

CVE-2026-21718

CVE-2026-21718 is a critical authentication bypass in Copeland XWEB Pro that affects version 1.12.1 and earlier. CISA says the flaw can let an attacker bypass authentication and reach pre-authenticated code execution, making exposed systems high priority for immediate remediation.

HIGH Copeland CVE published 2026-02-26

CVE-2026-21389

CVE-2026-21389 describes an OS command injection issue in Copeland XWEB Pro version 1.12.1 and earlier. According to the CISA CSAF advisory published on 2026-02-26, an authenticated attacker can inject malicious input into the request body for the contacts import route and achieve remote code execution on the system. CISA rates the vulnerability HIGH, and the supplied SSVC note indicates no exploit or aut [truncated]

HIGH Copeland CVE published 2026-02-26

CVE-2026-20910

CISA published ICSA-26-057-10 on 2026-02-26 for CVE-2026-20910. The advisory describes an OS command injection in XWEB Pro version 1.12.1 and earlier: an authenticated attacker can inject malicious input into the devices field of the firmware update action and achieve remote code execution on the system. Copeland states that a fix is available and provides update paths for affected deployments.

HIGH Copeland CVE published 2026-02-26

CVE-2026-20902

CISA’s 2026-02-26 advisory (ICSA-26-057-10) says XWEB Pro version 1.12.1 and prior contains an OS command injection issue in the map upload workflow. An authenticated attacker can inject malicious input into the map filename field on the parameters route and achieve remote code execution on the system. Copeland provides a fix and recommends updating affected XWEB Pro deployments to the latest version.

MEDIUM Copeland CVE published 2026-02-26

CVE-2026-20797

CVE-2026-20797 is a medium-severity vulnerability affecting Copeland XWEB Pro firmware versions 1.12.1 and earlier on the affected product lines listed by NVD. The issue is a stack-based buffer overflow in an API route that can be triggered by an unauthenticated attacker under adjacent-network conditions, leading to stack corruption and termination of the program. The published record does not describe co [truncated]

HIGH Copeland CVE published 2026-02-26

CVE-2026-20764

CVE-2026-20764 is a high-severity OS command injection issue in Copeland XWEB Pro. According to the CISA CSAF advisory published on 2026-02-26, an authenticated attacker can supply malicious input through the device hostname configuration and trigger remote code execution during system setup. The advisory recommends updating to the latest XWEB Pro version.

HIGH Copeland CVE published 2026-02-26

CVE-2026-20742

CVE-2026-20742 is an authenticated OS command injection in Copeland XWEB Pro that can lead to remote code execution. CISA published the advisory on 2026-02-26, and Copeland provided a fix for affected XWEB Pro versions 1.12.1 and earlier.