HIGHCVE-2026-25085Published Modified CNA icscert
CVE-2026-25085: Copeland XWEB and XWEB Pro Unexpected Status Code or Return Value
A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on processed as a legitimate value, resulting in an authentication bypass.
Metrics
- CVSS v3.1
- 8.6
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 3
Affected packages
- Copeland / Copeland XWEB 300D PRO≤ 1.12.1
- Copeland / Copeland XWEB 500D PRO≤ 1.12.1
- Copeland / Copeland XWEB 500B PRO≤ 1.12.1
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:LReferences