CVE-2026-22877

Summary

An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack.

Affected Software

VendorProductVersion RangeStatus
CopelandCopeland XWEB 300D PRO0 <= 1.12.1affected
CopelandCopeland XWEB 500D PRO0 <= 1.12.1affected
CopelandCopeland XWEB 500B PRO0 <= 1.12.1affected

Weaknesses

  • CWE-22: CWE-22

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References