What is CVE-2026-21718?

CVE-2026-21718 is a critical-severity vulnerability in Copeland Xweb 300d Pro, classified under Use of a Broken or Risky Cryptographic Algorithm. CVSS score: 10.0/10. Published 2026-02-27.

How severe is CVE-2026-21718?

Critical severity. CVSS v3 base score is 10.0 out of 10.

Vulnerability in Copeland Xweb 300d Pro

CVE-2026-21718

An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement and achieve pre-authenticated code execution on the system.

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.001 (18.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Copeland Xweb 300d Pro — versions 0
Copeland Xweb 500b Pro — versions 0
Copeland Xweb 500d Pro — versions 0

Weakness classification (CWE)

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm

References

Frequently asked questions

What is CVE-2026-21718?: CVE-2026-21718 is a critical-severity vulnerability in Copeland Xweb 300d Pro, classified under Use of a Broken or Risky Cryptographic Algorithm. CVSS score: 10.0/10. Published 2026-02-27.
How severe is CVE-2026-21718?: Critical severity. CVSS v3 base score is 10.0 out of 10.