CVE-2026-22877
Published: 27 February 2026
Description
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Security Summary
CVE-2026-22877 is an arbitrary file-read vulnerability (CWE-22) affecting XWEB Pro version 1.12.1 and prior. Published on 2026-02-27, it has a CVSS v3.1 base score of 3.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N), indicating low severity with network accessibility but high attack complexity required.
Unauthenticated attackers can exploit this vulnerability remotely to read arbitrary files on the affected system. While the primary impact is limited confidentiality (low), the vulnerability may also enable denial-of-service conditions.
CISA's ICS Advisory ICSA-26-057-10 provides details on the issue, available at https://www.cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json and https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10. Vendor guidance on system software updates is at https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated remote arbitrary file read in public-facing XWEB Pro web application directly enables T1190 (Exploit Public-Facing Application). Facilitates T1005 (Data from Local System) by allowing remote access to arbitrary files for collection.