Cyber Posture

CVE-2026-1951

Critical

Published: 24 April 2026

Modified: 24 April 2026
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (5.7th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-1951 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Deltaww (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 5.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

Prevent: SI-10 requires validation of information inputs, directly preventing stack-based buffer overflows by enforcing length checks on directory names.

Prevent: SI-2 mandates identification, reporting, and correction of system flaws like this buffer overflow vulnerability through timely patching as per the vendor advisory.

Prevent: SI-16 implements memory protections such as stack canaries and DEP to prevent arbitrary code execution even if a buffer overflow occurs.

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Remote unauthenticated stack buffer overflow enables arbitrary code execution against a public-facing industrial device (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability.

Deeper analysis [AI]

CVE-2026-1951 is a stack-based buffer overflow vulnerability (CWE-121) affecting Delta Electronics AS320T. The issue arises from a lack of length checking for the buffer handling directory names, which can lead to overflow conditions when processing oversized inputs.

With a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), the vulnerability can be exploited remotely over the network with low attack complexity, no privileges, and no user interaction. Successful exploitation can result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution or system compromise.

Delta Electronics advisory PCSA-2026-00006 addresses this vulnerability along with CVE-2026-1949, CVE-2026-1950, and CVE-2026-1952 in the AS320T and provides details on mitigations. Practitioners should consult the document at https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00006_AS320T%20Multiple%20vulnerabilities%20(CVE-2026-1949,%201950,%201951,%201952).pdf for patching instructions and workarounds.

Details

CWE(s)

Affected Products

Deltaww
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-70219 · Shared CWE-121
CVE-2025-61128 · Shared CWE-121
CVE-2019-25319 · Shared CWE-121
CVE-2026-22904 · Shared CWE-121
CVE-2026-30871 · Shared CWE-121
CVE-2025-70222 · Shared CWE-121
CVE-2025-41687 · Shared CWE-121
CVE-2026-1950 · Shared CWE-121
CVE-2026-22214 · Shared CWE-121
CVE-2025-70226 · Shared CWE-121
