Cyber Resilience

CVE-2026-20797

Severity: Medium
Published: 27 February 2026
Modified: 10 May 2026
KEV Added: not listed
Patch: vendor update available
CVSS v3.1 Score: 4.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
EPSS Score: 0.0078 (51.1st percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-20797 is a medium-severity Out-of-bounds Write (CWE-787) vulnerability in Copeland Xweb 300D Pro Firmware. Its CVSS base score is 4.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks in the top 48.9% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-20797 is a stack-based buffer overflow vulnerability (CWE-787) present in an API route of XWEB Pro version 1.12.1 and prior. Published on 2026-02-27, the flaw enables stack corruption and program termination. It carries a CVSS v3.1 base score of 4.3 (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Unauthenticated attackers (PR:N) with adjacent network access (AV:A) can exploit this low-complexity (AC:L) vulnerability without user interaction (UI:N). Successful exploitation results in stack corruption, causing termination of the XWEB Pro program and a low-impact denial-of-service condition (A:L), with no effects on confidentiality or integrity.

CISA's ICS Advisory ICSA-26-057-10 details the vulnerability and mitigation steps at https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10, with the corresponding CSAF document available at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json. Copeland provides a system software update for remediation at https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate.


Vulnerability details

A stack-based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause stack corruption and termination of the program.

CWE(s): CWE-787 (Out-of-bounds Write)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Stack-based buffer overflow in API route directly enables application exploitation resulting in denial of service via program termination.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-20910 (same product: Copeland Xweb 300D Pro)
CVE-2026-22877 (same product: Copeland Xweb 300D Pro)
CVE-2026-20902 (same product: Copeland Xweb 300D Pro)
CVE-2026-25105 (same product: Copeland Xweb 300D Pro)
CVE-2026-24452 (same product: Copeland Xweb 300D Pro)
CVE-2026-20742 (same product: Copeland Xweb 300D Pro)
CVE-2026-25195 (same product: Copeland Xweb 300D Pro)
CVE-2026-25721 (same product: Copeland Xweb 300D Pro)
CVE-2026-25111 (same product: Copeland Xweb 300D Pro)
CVE-2026-23702 (same product: Copeland Xweb 300D Pro)

Affected Assets

copeland / xweb 300d pro firmware: versions ≤ 1.12.1
copeland / xweb 500d pro firmware: versions ≤ 1.12.1
copeland / xweb 500b pro firmware: versions ≤ 1.12.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Enforces validation of all inputs to the vulnerable API route, directly blocking the malformed data that triggers the stack buffer overflow.

SI-2 Flaw Remediation (prevent): Requires timely application of the vendor-supplied software update that eliminates the buffer-overflow flaw in XWEB Pro.

Memory protection (prevent): Applies memory-protection mechanisms (e.g., ASLR, DEP, stack canaries) that can prevent successful stack corruption even if the overflow is triggered.
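To make the mechanism in the "Deeper analysis" section and the SI-10 control concrete, the following is an added, generic illustration written for this page; it is not code from XWEB Pro, Copeland, or the CISA advisory, and nothing about the real API route is known beyond what the advisory states. The handler names (handle_unsafe, handle_safe, find_param), the query-string format, the 32-byte buffer size and the sample request strings are all constructed assumptions. It places the CWE-787 pattern (unbounded copy of a request parameter into a fixed stack buffer) beside a hardened handler that validates length and character set before copying and rejects anything that does not fit.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_MAX 32  /* assumed fixed-size stack buffer, typical of embedded request handlers */

/* Constructed sample query strings for illustration (not captured from any real device). */
const char *REQ_OK   = "site=1&name=fridge-01";
const char *REQ_LONG = "name=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

/* Locate the value of `key` in a query string of the form "k=v&k2=v2".
 * Returns a pointer to the start of the value and stores its length in *len,
 * or NULL if the key is absent. */
const char *find_param(const char *query, const char *key, size_t *len)
{
    size_t klen = strlen(key);
    const char *p = query;
    while (p && *p) {
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *v = p + klen + 1;
            const char *end = strchr(v, '&');
            *len = end ? (size_t)(end - v) : strlen(v);
            return v;
        }
        p = strchr(p, '&');
        if (p) p++;
    }
    return NULL;
}

/* VULNERABLE PATTERN (CWE-787): the parameter is copied into a fixed stack
 * buffer with no bound check. A value of NAME_MAX bytes or more writes past
 * `name` and corrupts the stack frame; on a canary-protected build the usual
 * result is an abort, i.e. the program termination (A:L) the advisory describes.
 * Shown for contrast only; never invoke it on untrusted input. */
int handle_unsafe(const char *query)
{
    char name[NAME_MAX];
    size_t len;
    const char *v = find_param(query, "name", &len);
    if (!v) return -1;
    memcpy(name, v, len);   /* no bound: len may exceed sizeof(name) */
    name[len] = '\0';
    return (int)strlen(name);
}

/* HARDENED (SI-10 Information Input Validation): check the length against the
 * destination and restrict the character set before any copy; reject rather
 * than silently truncate, so a malformed request never reaches the copy. */
int handle_safe(const char *query, char *out, size_t out_sz)
{
    size_t len;
    const char *v = find_param(query, "name", &len);
    if (!v) return -1;                         /* parameter missing */
    if (len == 0 || len >= out_sz) return -2;  /* would not fit with the terminator */
    for (size_t i = 0; i < len; i++) {
        char c = v[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '-';
        if (!ok) return -3;                    /* unexpected byte in identifier */
    }
    memcpy(out, v, len);
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    char name[NAME_MAX];
    printf("safe, well-formed : %d\n", handle_safe(REQ_OK, name, sizeof name));
    printf("safe, oversized   : %d\n", handle_safe(REQ_LONG, name, sizeof name));
    printf("unsafe, well-formed: %d\n", handle_unsafe(REQ_OK));
    /* handle_unsafe(REQ_LONG) is deliberately not executed: it corrupts the stack. */
    return 0;
}
```

The design point is the split between the two prevent controls on this page: stack canaries and similar memory protections turn a triggered overflow into a controlled termination, which is still the denial-of-service outcome scored here, whereas input validation at the route stops the malformed parameter before the copy and so prevents the crash itself. Rejecting oversized input with an error code, instead of truncating, also leaves a clear signal in request logs for detection.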
