PT-2026-22270 · Xweb Pro · Xweb Pro

Amir Zaltzman

Published

2026-02-27

Updated

2026-03-04

CVE-2026-20764

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1

Description An OS command injection issue exists, allowing an authenticated attacker to execute code remotely. This is achieved by providing malicious input through the device hostname configuration during system setup. The system processes this input, leading to remote code execution.

Recommendations Update to a version later than 1.12.1.

Fix

RCE

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2026-20764

Affected Products

Xweb Pro

PT-2026-22270 · Xweb Pro · Xweb Pro

CVE-2026-20764

Weakness Enumeration

Related Identifiers

Affected Products

References · 10