Vulnerability Description
An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement and achieve pre-authenticated code execution on the system.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Copeland | Xweb 300D Pro Firmware | <= 1.12.1 |
| Copeland | Xweb 300D Pro | - |
| Copeland | Xweb 500D Pro Firmware | <= 1.12.1 |
| Copeland | Xweb 500D Pro | - |
| Copeland | Xweb 500B Pro Firmware | <= 1.12.1 |
| Copeland | Xweb 500B Pro | - |
Related Weaknesses (CWE)
References
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-05Third Party Advisory
- https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdateProduct
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2026-21718?
CVE-2026-21718 is a vulnerability with a CVSS score of 10.0 (CRITICAL). An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement and achieve pre-authenticated code execut...
How severe is CVE-2026-21718?
CVE-2026-21718 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-21718?
Check the references section above for vendor advisories and patch information. Affected products include: Copeland Xweb 300D Pro Firmware, Copeland Xweb 300D Pro, Copeland Xweb 500D Pro Firmware, Copeland Xweb 500D Pro, Copeland Xweb 500B Pro Firmware.