CVE-2026-20797 identifies a stack-based buffer overflow vulnerability in the Copeland XWEB 300D PRO, a device used in industrial or building automation systems. The vulnerability resides in an API route accessible without authentication, which allows remote attackers to send specially crafted requests that overflow the stack buffer. This overflow leads to stack corruption and causes the affected program to terminate unexpectedly, resulting in a denial-of-service (DoS) condition. The affected versions include 1.12.1 and all prior releases. The vulnerability does not compromise confidentiality or integrity, as it does not allow code execution or data leakage, but it impacts availability by crashing the service. The CVSS 3.1 vector (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) indicates that the attack requires adjacent network access (local network), has low attack complexity, requires no privileges or user interaction, and affects only availability. No known exploits have been reported in the wild, and no patches or mitigations have been officially published yet. The vulnerability was reserved and published in February 2026 by ICS-CERT, highlighting its relevance to industrial control systems security.

The primary impact of CVE-2026-20797 is a denial-of-service condition caused by crashing the vulnerable service on the Copeland XWEB 300D PRO device. This can disrupt operations in environments relying on these devices for automation, monitoring, or control, potentially leading to operational downtime or safety risks in industrial or building management systems. Since the vulnerability does not allow code execution or data compromise, the risk to confidentiality and integrity is minimal. However, availability disruption in critical infrastructure or industrial environments can have significant operational and financial consequences. The ease of exploitation without authentication and user interaction increases the threat level for attackers with network access. Organizations using these devices in sensitive or critical environments may face service interruptions, impacting business continuity and safety systems.

1. Monitor Copeland’s official channels for security advisories and apply patches or firmware updates as soon as they become available to remediate the vulnerability. 2. Until patches are released, restrict network access to the vulnerable API by implementing network segmentation and firewall rules that limit access to trusted hosts only, especially blocking access from untrusted or external networks. 3. Employ intrusion detection or prevention systems (IDS/IPS) to monitor for anomalous traffic patterns targeting the API endpoints of the XWEB 300D PRO device. 4. Conduct regular vulnerability assessments and penetration testing focused on industrial control systems to identify and mitigate similar weaknesses proactively. 5. Implement robust network monitoring and logging to detect potential exploitation attempts and respond promptly. 6. Consider deploying virtual patching or application-layer gateways to filter malicious payloads targeting the buffer overflow until an official patch is available.