CVE-2026-20797
Published: 27 February 2026
Summary
CVE-2026-20797 is a medium-severity Out-of-bounds Write (CWE-787) vulnerability in Copeland Xweb 300D Pro Firmware. Its CVSS base score is 4.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks in the top 48.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-20797 is a stack-based buffer overflow vulnerability (CWE-787) present in an API route of XWEB Pro version 1.12.1 and prior. Published on 2026-02-27, the flaw enables stack corruption and program termination. It carries a CVSS v3.1 base score of 4.3 (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Unauthenticated attackers (PR:N) with adjacent network access (AV:A) can exploit this low-complexity (AC:L) vulnerability without user interaction (UI:N). Successful exploitation results in stack corruption, causing termination of the XWEB Pro program and a low-impact denial-of-service condition (A:L), with no effects on confidentiality or integrity.
CISA's ICS Advisory ICSA-26-057-10 details the vulnerability and mitigation steps at https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10, with the corresponding CSAF document available at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json. Copeland provides a system software update for remediation at https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-8972
Vulnerability details
A stack-based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause stack corruption and a termination of the program.
- CWE(s): CWE-787 (Out-of-bounds Write)
Related Threats
MITRE ATT&CK Enterprise Techniques
- Application or System Exploitation (T1499.004)
Why these techniques?
The stack-based buffer overflow in the API route directly enables application exploitation, resulting in denial of service via program termination.
Affected Assets
- Copeland XWEB 300D Pro firmware (XWEB Pro version 1.12.1 and prior)
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): enforces validation of all inputs to the vulnerable API route, directly blocking the malformed data that triggers the stack buffer overflow.
- SI-2 (Flaw Remediation): requires timely application of the vendor-supplied software update that eliminates the buffer-overflow flaw in XWEB Pro.
- Memory protection: applies memory-protection mechanisms (e.g., ASLR, DEP, stack canaries) that can prevent successful stack corruption even if the overflow is triggered.