HIGHCVE-2026-3094Published 2026-03-04Modified 2026-03-18CNA Deltaww

CVE-2026-3094: File Parsing Out-Of-Bounds Write in CNCSoft-G2

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS v3.1: 7.8
Severity: HIGH
Fixed in: 2.1.0.39
Affected Products: 1

Fix available

2.1.0.39

Affected packages

deltaww / CNCSoft-G2
< 2.1.0.39 (from 0)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

filecenter.deltaww.com

Metrics

Fix available