CVE-2026-3037

Name of the Vulnerable Software and Affected Versions XWEB Pro versions 1.12.1 and earlier

Description A flaw exists that allows a logged-in attacker to execute code on a system remotely. This is achieved by altering harmful input within the URL of the MBird SMS service and/or code through the utility path. This input is then processed during system configuration, resulting in remote code execution. The vulnerability is an OS command injection.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.