CVE Catalog

CVE-2026-9158

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

22th percentile — higher than 22% of all known CVEs

Summary

In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory (use-after-free).

Risk Assessment

An attacker could exploit this vulnerability to achieve remote code execution or cause a system crash, threatening the integrity and availability of industrial applications based on Eclipse 4diac.

Recommendation

Immediately update Eclipse 4diac FORTE to version 3.2.0 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory (use-after-free).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS