CVE-2026-24663 - Vulnerability Analysis
CriticalCVSS: 9.0Last Updated: February 27, 2026
XWEB Pro - Remote Code Execution
Overview
XWEB Pro <= 1.12.1 contains an OS command injection caused by improper input sanitization in the libraries installation route, letting unauthenticated attackers achieve remote code execution by sending crafted requests.
Severity & Score
Impact
Unauthenticated attackers can execute arbitrary commands remotely, potentially taking full control of the system.
Mitigation
Update to the latest version of XWEB Pro.
References
Social Media Activity(2 posts)
🚨 CVE-2026-24663 (CRITICAL, CVSS 9.0): Copeland XWEB 300D PRO (≤1.12.1) has an unauthenticated command injection flaw. RCE possible over network, no exploit public yet. Segment networks & restrict access! https://radar.offseq.com/threat/cve-2026-24663-cwe-78-in-copeland-copeland-xweb-30-1c773deb #OffSeq #ICS #OTSecurity #Vuln
View original post
🚨 CVE-2026-24663 (CRITICAL, CVSS 9.0): Copeland XWEB 300D PRO (≤1.12.1) has an unauthenticated command injection flaw. RCE possible over network, no exploit public yet. Segment networks & restrict access! https://radar.offseq.com/threat/cve-2026-24663-cwe-78-in-copeland-copeland-xweb-30-1c773deb #OffSeq #ICS #OTSecurity #Vuln
View original postRelated Resources
Details
- CVE ID
- CVE-2026-24663
- Severity
- Critical
- CVSS Score
- 9.0
- Type
- command_injection
- Status
- new
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-78
CVSS Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H