CVE-2026-3631
Published: 09 March 2026
Summary
CVE-2026-3631 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Deltaww Commgr2. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). It ranks at the 5.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
Threat & Defense Details
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
The buffer over-read can be exploited remotely without authentication and causes an application crash or resource exhaustion, which maps directly to application or system exploitation for DoS (T1499.004).
NVD Description
Delta Electronics COMMGR2 has Buffer Over-read DoS vulnerability.
Deeper analysis (AI)
CVE-2026-3631 is a buffer over-read vulnerability (CWE-125) affecting Delta Electronics COMMGR2 software. Published on March 9, 2026, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating a high-severity denial-of-service risk due to improper bounds checking during data processing.
Remote attackers require no authentication or user interaction and face low attack complexity to exploit the flaw over the network. Successful exploitation triggers a buffer over-read, leading to application crashes or resource exhaustion that severely impacts availability, while confidentiality and integrity remain unaffected.
Delta Electronics has released security advisory PCSA-2026-00005, detailing this vulnerability alongside CVE-2026-3630. Security practitioners should review the advisory document at https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00005_COMMGR%202%20Multiple%20Vulnerabilities%20(CVE-2026-3630,%20CVE-2026-3631).pdf for recommended mitigations and patching guidance.
Details
- CWE(s)