CVE-2026-23702

Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1

Description A flaw exists that allows a logged-in attacker to execute code on the system. This is possible by submitting crafted input into the username field of the import preconfiguration action via the API V1 route. The affected API endpoint is '/api/V1'. The vulnerable parameter is username.

Recommendations Update to a version newer than 1.12.1.