Cyber Resilience

CVE-2026-21718

Critical

Published: 27 February 2026

Published
27 February 2026
Modified
27 February 2026
KEV Added
Patch
CVSS Score v3.1 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0043 34.2th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-21718 is a critical-severity Use of a Broken or Risky Cryptographic Algorithm (CWE-327) vulnerability in Copeland Xweb 300D Pro Firmware. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 34.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2026-21718 is an authentication bypass vulnerability affecting Copeland XWEB Pro version 1.12.1 and prior versions. The flaw allows attackers to circumvent authentication controls, resulting in pre-authenticated code execution on the targeted system. It has been assigned a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) and is associated with CWE-327, with additional NVD-CWE-noinfo classification. The vulnerability was published on 2026-02-27T01:16:18.073.

The vulnerability can be exploited by any unauthenticated attacker with network access to the affected device, requiring low complexity and no user interaction. Successful exploitation enables full compromise, granting high-impact access to confidentiality, integrity, and availability, with a changed scope that amplifies the attack surface for remote code execution without prior authentication.

Mitigation details are outlined in official advisories, including CISA's ICSA-26-057-10 available at https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10 and the related CSAF JSON at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json. Copeland provides a system software update at https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate to address the issue.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement and achieve pre-authenticated code execution on the system.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Authentication bypass enabling unauthenticated remote code execution on a public-facing web application directly maps to initial access via exploitation of public-facing apps.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-25111Same product: Copeland Xweb 300D Pro
CVE-2026-23702Same product: Copeland Xweb 300D Pro
CVE-2026-25085Same product: Copeland Xweb 300D Pro
CVE-2026-20902Same product: Copeland Xweb 300D Pro
CVE-2026-25195Same product: Copeland Xweb 300D Pro
CVE-2026-24517Same product: Copeland Xweb 300D Pro
CVE-2026-25196Same product: Copeland Xweb 300D Pro
CVE-2026-20910Same product: Copeland Xweb 300D Pro
CVE-2026-25109Same product: Copeland Xweb 300D Pro
CVE-2026-25721Same product: Copeland Xweb 300D Pro

Affected Assets

copeland
xweb 300d pro firmware
≤ 1.12.1
copeland
xweb 500d pro firmware
≤ 1.12.1
copeland
xweb 500b pro firmware
≤ 1.12.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CVE-2026-21718 by requiring timely identification, reporting, and correction of the authentication bypass flaw through the vendor-provided software update.

prevent

Prevents remote exploitation of the network-accessible authentication bypass by monitoring and controlling communications at external boundaries to block unauthorized access to the vulnerable service.

detect

Identifies the authentication bypass vulnerability in Copeland XWEB Pro through regular vulnerability scanning, enabling prioritization of remediation efforts.

References