CVE-2026-21718
Published: 27 February 2026
Summary
CVE-2026-21718 is a critical-severity Use of a Broken or Risky Cryptographic Algorithm (CWE-327) vulnerability in Copeland Xweb 300D Pro Firmware. Its CVSS base score is 10.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 17.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SC-7 (Boundary Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly mitigates CVE-2026-21718 by requiring timely identification, reporting, and correction of the authentication bypass flaw through the vendor-provided software update.
- SC-7 (Boundary Protection): Prevents remote exploitation of the network-accessible authentication bypass by monitoring and controlling communications at external boundaries to block unauthorized access to the vulnerable service.
- RA-5 (Vulnerability Monitoring and Scanning): Identifies the authentication bypass vulnerability in Copeland XWEB Pro through regular vulnerability scanning, enabling prioritization of remediation efforts.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Authentication bypass enabling unauthenticated remote code execution on a public-facing web application directly maps to initial access via exploitation of public-facing apps.
NVD Description
An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attacker to bypass the authentication requirement and achieve pre-authenticated code execution on the system.
Deeper analysis
CVE-2026-21718 is an authentication bypass vulnerability affecting Copeland XWEB Pro version 1.12.1 and prior versions. The flaw allows attackers to circumvent authentication controls, resulting in pre-authenticated code execution on the targeted system. It has been assigned a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) and is classified under CWE-327, with an additional NVD-CWE-noinfo classification. The vulnerability was published on 2026-02-27T01:16:18.073.
The vulnerability can be exploited by any unauthenticated attacker with network access to the affected device; the attack has low complexity and requires no user interaction. Successful exploitation enables full compromise, with high impact on confidentiality, integrity, and availability, and a changed scope (S:C) indicating that the effect extends beyond the vulnerable component itself.
Mitigation details are outlined in official advisories, including CISA's ICSA-26-057-10 available at https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10 and the related CSAF JSON at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json. Copeland provides a system software update at https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate to address the issue.
Details
- CWE(s)