
CVE-2026-1951

Critical

Published: 24 April 2026

Modified: 11 May 2026
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0061 (44.9th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-1951 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Deltaww As320T Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 44.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-1951 is a stack-based buffer overflow vulnerability (CWE-121) affecting Delta Electronics AS320T. The issue arises from a lack of length checking for the buffer handling directory names, which can lead to overflow conditions when processing oversized inputs.

With a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), the vulnerability can be exploited remotely over the network with low complexity, without privileges or user interaction. Successful exploitation can result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution or system compromise.

Delta Electronics advisory PCSA-2026-00006 addresses this vulnerability along with CVE-2026-1949, 1950, and 1952 in the AS320T, providing details on mitigations; practitioners should consult the document at https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00006_AS320T%20Multiple%20vulnerabilities%20(CVE-2026-1949,%201950,%201951,%201952).pdf for patching instructions and workarounds.

Vulnerability details

Delta Electronics AS320T has a vulnerability in which the length of the buffer holding the directory name is not checked.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote unauthenticated stack buffer overflow enables arbitrary code execution against a public-facing industrial device (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-1950 - Same product: Deltaww As320T
CVE-2026-1949 - Same product: Deltaww As320T
CVE-2026-1952 - Same product: Deltaww As320T
CVE-2025-15103 - Same vendor: Deltaww
CVE-2025-62582 - Same vendor: Deltaww
CVE-2025-62581 - Same vendor: Deltaww
CVE-2026-38422 - Shared CWE-121
CVE-2025-11783 - Shared CWE-121
CVE-2025-54491 - Shared CWE-121
CVE-2024-39359 - Shared CWE-121

Affected Assets

deltaww as320t firmware ≤ 1.12

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: SI-10 requires validation of information inputs, directly preventing stack-based buffer overflows by enforcing length checks on directory names.

Prevent: SI-2 mandates identification, reporting, and correction of system flaws like this buffer overflow vulnerability through timely patching as per the vendor advisory.

Prevent: SI-16 implements memory protections such as stack canaries and DEP to prevent arbitrary code execution even if a buffer overflow occurs.
