CVE-2026-20797 identifies a stack-based buffer overflow vulnerability in an API route of Copeland XWEB 300D PRO firmware version 1.12.1 and prior. The vulnerability arises from improper bounds checking in the handling of input data within the API, allowing an attacker to overwrite parts of the stack memory. This can lead to stack corruption and cause the application to terminate unexpectedly, resulting in denial of service conditions. The flaw is exploitable remotely without requiring authentication or user interaction, but the attack vector is network-based (AV:A), indicating that the attacker must have access to the network segment where the device resides. The CVSS v3.1 base score is 4.3, reflecting a medium severity primarily due to the impact being limited to availability with no direct confidentiality or integrity compromise. No known public exploits or patches are currently available, and the vulnerability was published in February 2026. The affected product, Copeland XWEB 300D PRO, is an industrial control system device used for monitoring and managing refrigeration and HVAC systems, which are critical in various industrial and commercial environments.

The primary impact of this vulnerability is denial of service through application termination caused by stack corruption. This can disrupt the normal operation of industrial control systems relying on the Copeland XWEB 300D PRO, potentially leading to loss of monitoring and control capabilities. While the vulnerability does not directly expose sensitive data or allow unauthorized control, the interruption of service can affect operational continuity, safety, and efficiency in environments such as cold storage, food processing, and HVAC management. Organizations with critical infrastructure depending on these devices may experience operational downtime, increased maintenance costs, and potential regulatory compliance issues. The lack of authentication requirement increases the risk of exploitation from internal or less protected network segments, emphasizing the need for network segmentation and monitoring.

To mitigate CVE-2026-20797, organizations should first verify the firmware version of their Copeland XWEB 300D PRO devices and upgrade to a patched version once available from the vendor. Until a patch is released, network-level mitigations should be implemented, including strict access controls to limit network exposure of the device's API endpoints. Deploy network segmentation to isolate industrial control systems from general IT networks and untrusted zones. Employ intrusion detection and prevention systems (IDS/IPS) with signatures or anomaly detection tuned for unusual API traffic patterns targeting the XWEB device. Regularly monitor device logs for signs of abnormal terminations or crashes. Additionally, consider implementing rate limiting on API requests to reduce the risk of exploitation attempts. Engage with the vendor for timely updates and verify the integrity of firmware updates before deployment.