Vulnerability Description
A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause stack corruption and a termination of the program.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Copeland | Xweb 300D Pro Firmware | <= 1.12.1 |
| Copeland | Xweb 300D Pro | - |
| Copeland | Xweb 500D Pro Firmware | <= 1.12.1 |
| Copeland | Xweb 500D Pro | - |
| Copeland | Xweb 500B Pro Firmware | <= 1.12.1 |
| Copeland | Xweb 500B Pro | - |
Related Weaknesses (CWE)
References
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-05Third Party Advisory
- https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdateProduct
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2026-20797?
CVE-2026-20797 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause stack corruption and a termination of the program.
How severe is CVE-2026-20797?
CVE-2026-20797 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-20797?
Check the references section above for vendor advisories and patch information. Affected products include: Copeland Xweb 300D Pro Firmware, Copeland Xweb 300D Pro, Copeland Xweb 500D Pro Firmware, Copeland Xweb 500D Pro, Copeland Xweb 500B Pro Firmware.