CVE-2026-3630: Critical Buffer Overflow in Delta Electronics COMMGR2 Enables Remote Code Execution



CVSS v3.1 base score of 9.8 (Critical) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, according to the CNA
Delta Electronics COMMGR2 contains an out-of-bounds write vulnerability (CWE-787) enabling unauthenticated remote code execution
NVD lists the vulnerability as analyzed; vendor advisory Delta-PCSA-2026-00005 is available addressing multiple COMMGR2 vulnerabilities
No evidence of active exploitation in the wild; specific affected versions and patches detailed in vendor advisory

CVE-2026-3630 represents a critical out-of-bounds write vulnerability in Delta Electronics COMMGR2, an industrial communication and engineering support component. NVD lists CWE-787 (Out-of-bounds Write), sourced from the CNA. As a result, the vulnerability enables remote attackers to execute arbitrary code without authentication or user interaction.
The CVSS v3.1 vector of AV:N/AC:L/PR:N/UI:N indicates this is a network-accessible flaw with low attack complexity. It requires no privileges or user interaction. As a result, it earns a Critical 9.8 rating. Successful attacks could lead to full compromise of confidentiality, integrity, and availability on affected systems.
In response, Delta Electronics has released a Product Cybersecurity Advisory (Delta-PCSA-2026-00005) addressing this vulnerability alongside CVE-2026-3631, indicating joint disclosure of multiple COMMGR2 security issues.

The vulnerability affects Delta Electronics COMMGR2 software, which is commonly deployed in industrial automation environments, including manufacturing, building automation, energy, and logistics sectors. In particular, COMMGR2 typically runs on engineering workstations and servers that support Delta’s industrial control systems and automation equipment.
Organizations using Delta automation products should consult the vendor’s Product Cybersecurity Advisory Delta-PCSA-2026-00005 for specific affected version ranges and patch information. Given the network-accessible nature of this vulnerability, systems with COMMGR2 exposed to network traffic represent the highest risk exposure.
Industrial environments where COMMGR2 is installed on operator or engineering workstations may face particular risk, as successful exploitation could potentially enable attackers to pivot into operational technology (OT) networks or manipulate industrial control configurations.

Contact us at Praetorian to learn how our offensive security team can help you assess your exposure to CVE-2026-3630 and other emerging threats.

The information presented reflects our best understanding as of the publication date based on publicly available advisories, NVD data, and vendor disclosures. Details may evolve as new information becomes available. We will update this post if material changes occur. Praetorian makes no guarantees regarding the completeness or accuracy of third-party disclosures referenced herein.

The post CVE-2026-3630: Critical Buffer Overflow in Delta Electronics COMMGR2 Enables Remote Code Execution appeared first on Praetorian.

*** This is a Security Bloggers Network syndicated blog from Offensive Security Blog: Latest Trends in Hacking | Praetorian authored by n8n-publisher. Read the original post at: https://www.praetorian.com/blog/cve-2026-3630/
