EUVD-2026-8980

🗓️ 27 Feb 2026 03:30:27Reported by EUVDType

Authenticated attackers can exploit command injection in XWEB Pro version 1.12.1 and earlier via MBird SMS input, enabling remote code execution.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2026-3037	27 Feb 202601:06	–	attackerkb
Circl	CVE-2026-3037	26 Feb 202611:00	–	circl
CNNVD	Copeland XWEB PRO 操作系统命令注入漏洞	27 Feb 202600:00	–	cnnvd
CVE	CVE-2026-3037	27 Feb 202601:06	–	cve
Cvelist	CVE-2026-3037 Copeland XWEB and XWEB Pro OS Command Injection	27 Feb 202601:06	–	cvelist
NVD	CVE-2026-3037	27 Feb 202602:16	–	nvd
OSV	CVE-2026-3037	27 Feb 202602:16	–	osv
Positive Technologies	PT-2026-22279	27 Feb 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-3037	28 Feb 202601:55	–	redhatcve
Vulnrichment	CVE-2026-3037 Copeland XWEB and XWEB Pro OS Command Injection	27 Feb 202601:06	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "f6a3cbb0-2162-31a8-b764-def2dec4a391",
        "vendor": {
          "name": "Copeland"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "a16e4f2d-27c6-3e1d-bb9a-bfd85c8cc544",
        "product": {
          "name": "Copeland XWEB 500B PRO"
        },
        "product_version": "0 ≤1.12.1"
      },
      {
        "id": "c8b4dbc1-e9d4-3637-92bb-6a6d1a5738b1",
        "product": {
          "name": "Copeland XWEB 500D PRO"
        },
        "product_version": "0 ≤1.12.1"
      },
      {
        "id": "dc6b6a9b-c5f6-306f-a650-5271862fe1f6",
        "product": {
          "name": "Copeland XWEB 300D PRO"
        },
        "product_version": "0 ≤1.12.1"
      }
    ]
  }
]

Source	Link
webapps	www.webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate
cisa	www.cisa.gov/news-events/ics-advisories/icsa-26-057-10
github	www.github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-3037

27 Feb 2026 03:30Current

6Medium risk

Vulners AI Score6

CVSS 3.18

EPSS0.01934

SSVC