EUVD-2026-8975

🗓️ 27 Feb 2026 03:30:27Reported by EUVDType

Authenticated attacker can execute remote code via crafted template file on XWEB Pro version one point twelve one and earlier.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2026-24452	27 Feb 202600:53	–	attackerkb
Circl	CVE-2026-24452	26 Feb 202611:00	–	circl
CNNVD	Copeland XWEB PRO 操作系统命令注入漏洞	27 Feb 202600:00	–	cnnvd
CVE	CVE-2026-24452	27 Feb 202600:53	–	cve
Cvelist	CVE-2026-24452 Copeland XWEB and XWEB Pro OS Command Injection	27 Feb 202600:53	–	cvelist
NVD	CVE-2026-24452	27 Feb 202602:16	–	nvd
OSV	CVE-2026-24452	27 Feb 202602:16	–	osv
Positive Technologies	PT-2026-22274	27 Feb 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-24452	28 Feb 202601:55	–	redhatcve
Vulnrichment	CVE-2026-24452 Copeland XWEB and XWEB Pro OS Command Injection	27 Feb 202600:53	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "73d10be1-7d81-3201-b1da-97d61d51e3e9",
        "vendor": {
          "name": "Copeland"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "6d391d48-d5bf-3f88-9d5e-b0630f431ecc",
        "product": {
          "name": "Copeland XWEB 500B PRO"
        },
        "product_version": "0 ≤1.12.1"
      },
      {
        "id": "71066f63-a6f6-37c8-9e4d-33ed8f8662cc",
        "product": {
          "name": "Copeland XWEB 300D PRO"
        },
        "product_version": "0 ≤1.12.1"
      },
      {
        "id": "9899871d-bdfc-309f-abab-99ab1966cca4",
        "product": {
          "name": "Copeland XWEB 500D PRO"
        },
        "product_version": "0 ≤1.12.1"
      }
    ]
  }
]

Source	Link
webapps	www.webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate
cisa	www.cisa.gov/news-events/ics-advisories/icsa-26-057-10
github	www.github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-24452

27 Feb 2026 03:30Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.18 - 8.8

EPSS0.01897