Vulnerabilities ›

CVE-2026-22877

Low

An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-servic

CWE-22 — Weakness Type

                    Published: Feb 27, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

3.7

🔗 NVD Official

📄 Description (English)

An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1
and prior, enabling unauthenticated attackers to read arbitrary files on
the system, and potentially causing a denial-of-service attack.

🤖 AI Executive Summary

CVE-2026-22877 is an arbitrary file-read vulnerability in XWEB Pro version 1.12.1 and earlier that allows unauthenticated attackers to read sensitive files on affected systems. The vulnerability could lead to information disclosure and potential denial-of-service attacks.

📄 Description (Arabic)

تتعلق هذه الثغرة بقدرة المهاجمين غير المصرحين على قراءة ملفات عشوائية من النظام دون الحاجة إلى المصادقة. يمكن استخدام هذه الثغرة للوصول إلى بيانات حساسة وملفات التكوين وتنفيذ هجمات الحرمان من الخدمة.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 08:01

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

government banking telecom

🎯 MITRE ATT&CK Techniques

T1083 T1190 T1021

⚖️ Saudi Risk Score (AI)

4.0

/ 10.0

🔧 Remediation Steps (English)

Update XWEB Pro to version 1.12.2 or later immediately. Implement network-level access controls to restrict access to XWEB Pro instances. Apply input validation and path traversal protections. Monitor for suspicious file access patterns and implement Web Application Firewall (WAF) rules to block path traversal attempts.

🔧 خطوات المعالجة (العربية)

قم بتحديث XWEB Pro إلى الإصدار 1.12.2 أو أحدث فوراً. طبق عناصر التحكم في الوصول على مستوى الشبكة لتقييد الوصول إلى مثيلات XWEB Pro. طبق التحقق من المدخلات وحماية اجتياز المسارات. راقب أنماط الوصول إلى الملفات المريبة وطبق قواعد جدار حماية تطبيقات الويب لحجب محاولات اجتياز المسارات.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.7.1.1 A.7.1.2 A.12.6.1

🔵 SAMA CSF

ID.AM-2 PR.AC-1 PR.AC-3

🟡 ISO 27001:2022

A.6.1.1 A.9.1.1 A.13.1.1

🔗 References & Sources 3

🔗

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json

ics-cert@hq.dhs.gov

🔗

https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate

ics-cert@hq.dhs.gov

🔗

https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10

ics-cert@hq.dhs.gov

📊 CVSS Score

3.7

/ 10.0 — Low

📊 CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityH — High

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity Low

CVSS Score3.7

CWECWE-22

EPSS0.09%

Exploit No

Patch ✗ No

Published 2026-02-27

Source Feed nvd

🇸🇦 Saudi Risk Score

4.0

/ 10.0 — Saudi Risk

Priority: LOW

🏷️ Tags

CWE-22

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-22877

💬 Comments

Introduce Yourself

Sign In Required