CVE-2026-24663
Published: 27 February 2026
Summary
CVE-2026-24663 is a critical-severity OS Command Injection (CWE-78) vulnerability in Copeland Xweb 500B Pro Firmware. Its CVSS base score is 9.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 15.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the insufficient input validation in the libraries installation route that enables OS command injection by enforcing comprehensive checks on malicious request body inputs.
Mandates timely flaw remediation through application of vendor-provided software updates specifically referenced for this vulnerability, eliminating the injection flaw.
Restricts the format, length, or character sets of inputs to the libraries installation route, reducing the feasibility of crafting malicious payloads for command injection.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is an unauthenticated OS command injection in a public-facing web application endpoint (libraries installation route), directly enabling exploitation of public-facing applications (T1190) to achieve remote code execution via command and scripting interpreter (T1059).
NVD Description
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an unauthenticated attacker to achieve remote code execution on the system by sending a crafted request to the libraries installation route and injecting malicious input into…
more
the request body.
Deeper analysisAI
CVE-2026-24663 is an OS command injection vulnerability (CWE-78) affecting XWEB Pro version 1.12.1 and prior versions. The flaw exists in the libraries installation route, where insufficient input validation allows malicious payloads to be processed, leading to arbitrary command execution. Published on 2026-02-27, it carries a CVSS v3.1 base score of 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact remote exploitation.
An unauthenticated attacker with network access can exploit the vulnerability by sending a crafted request to the libraries installation route and injecting malicious input into the request body. Despite requiring high attack complexity, successful exploitation enables remote code execution on the affected system, granting attackers full control over confidentiality, integrity, and availability with a scope change to related components.
CISA's ICS Advisory ICSA-26-057-10 provides details on the vulnerability, available at https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10 and in CSAF format at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json. Software updates for mitigation are referenced at https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate.
Details
- CWE(s)