{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T14:16:39.728","vulnerabilities":[{"cve":{"id":"CVE-2026-25721","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-02-27T02:16:20.170","lastModified":"2026-02-27T23:06:02.867","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An OS command injection \nvulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an \nauthenticated attacker to achieve remote code execution on the system by\n injecting malicious input into the server username and/or password \nfields of the restore action in the API V1 route."},{"lang":"es","value":"Una vulnerabilidad de inyección de comandos del sistema operativo existe en XWEB Pro versión 1.12.1 y anteriores, lo que permite a un atacante autenticado lograr la ejecución remota de código en el sistema mediante la inyección de entrada maliciosa en los campos de nombre de usuario y/o contraseña del servidor de la acción de restauración en la ruta API V1."}],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:copeland:xweb_300d_pro_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12.1","matchCriteriaId":"BF93AA67-7ABF-45C8-8376-7A28F7D65464"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:copeland:xweb_300d_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"AEA10B9B-531A-4775-B32D-AC743D696126"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:copeland:xweb_500d_pro_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12.1","matchCriteriaId":"088F312E-06DF-4B90-A478-A6B5A39DE0F0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:copeland:xweb_500d_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"A524988E-E22F-4B0F-AEE6-46B3F103989C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:copeland:xweb_500b_pro_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12.1","matchCriteriaId":"E13AD164-C82A-4D6C-84C0-83EB8B0A611C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:copeland:xweb_500b_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"1707F67B-6365-4065-812C-7CC596C6CFF1"}]}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory"]},{"url":"https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate","source":"ics-cert@hq.dhs.gov","tags":["Product"]},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]}]}}]}