CVE-2026-22877 LOW

CVE-2026-22877: Copeland XWEB and XWEB Pro Path Traversal

Vendor Copeland
Product Copeland XWEB 300D PRO
Weakness CWE-22 · Path traversal
Published February 27, 2026
Last update March 2, 2026

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack.

Key dates

02Disclosure timeline

February 27, 2026 CVE published
March 2, 2026 Record updated