CVE-2026-22877

Copeland XWEB and XWEB Pro Path Traversal

Description

An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack.

INFO

Published Date :

2026-02-27T01:01:25.949Z

Last Modified :

2026-03-02T14:26:42.805Z

Source :

icscert

AFFECTED PRODUCTS

The following products are affected by CVE-2026-22877 vulnerability.

Vendors	Products
Copeland	Copeland Xweb 300d Pro Copeland Xweb 500b Pro Copeland Xweb 500d Pro Xweb 300d Pro Xweb 300d Pro Firmware Xweb 500b Pro Xweb 500b Pro Firmware Xweb 500d Pro Xweb 500d Pro Firmware

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-22877.

URL	Resource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate
https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact