CVE-2026-20797

Summary

A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause stack corruption and a termination of the program.

Affected Software

VendorProductVersion RangeStatus
CopelandCopeland XWEB 300D PRO0 <= 1.12.1affected
CopelandCopeland XWEB 500D PRO0 <= 1.12.1affected
CopelandCopeland XWEB 500B PRO0 <= 1.12.1affected

Weaknesses

  • WE-121

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References