CVE-2026-20797

Copeland XWEB and XWEB Pro Stack-based Buffer Overflow

Description

A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause stack corruption and a termination of the program.

INFO

Published Date :

2026-02-27T01:03:18.783Z

Last Modified :

2026-03-02T14:25:33.427Z

Source :

icscert

AFFECTED PRODUCTS

The following products are affected by CVE-2026-20797 vulnerability.

Vendors	Products
Copeland	Copeland Xweb 300d Pro Copeland Xweb 500b Pro Copeland Xweb 500d Pro Xweb 300d Pro Xweb 300d Pro Firmware Xweb 500b Pro Xweb 500b Pro Firmware Xweb 500d Pro Xweb 500d Pro Firmware

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-20797.

URL	Resource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate
https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact