CRITICALCVE-2026-21718Published Modified CNA icscert
CVE-2026-21718: Copeland XWEB and XWEB Pro Use of a Broken or Risky Cryptographic Algorithm
An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement and achieve pre-authenticated code execution on the system.
Metrics
- CVSS v3.1
- 10.0
- Severity
- CRITICAL
- Fixed in
- —
- Affected Products
- 3
Affected packages
- Copeland / Copeland XWEB 300D PRO≤ 1.12.1
- Copeland / Copeland XWEB 500D PRO≤ 1.12.1
- Copeland / Copeland XWEB 500B PRO≤ 1.12.1
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HReferences