CVE-2026-20742

Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1

Description A flaw exists that allows a logged-in attacker to execute code remotely on a system. This is achieved by injecting malicious input into requests sent to the /templates route. The issue is an OS command injection.

Recommendations Update to a version newer than 1.12.1.