CVE-2026-3631
Published: 09 March 2026
Summary
CVE-2026-3631 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Deltaww Commgr2. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 5.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-3631 is a buffer over-read vulnerability (CWE-125) affecting Delta Electronics COMMGR2 software. Published on March 9, 2026, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating a high-severity denial-of-service risk due to improper bounds checking during data processing.
Remote attackers require no authentication or user interaction and face low attack complexity to exploit the flaw over the network. Successful exploitation triggers a buffer over-read, leading to application crashes or resource exhaustion that severely impacts availability, while confidentiality and integrity remain unaffected.
Delta Electronics has released security advisory PCSA-2026-00005, detailing this vulnerability alongside CVE-2026-3630. Security practitioners should review the advisory document at https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00005_COMMGR%202%20Multiple%20Vulnerabilities%20(CVE-2026-3630,%20CVE-2026-3631).pdf for recommended mitigations and patching guidance.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-10287
Vulnerability details
Delta Electronics COMMGR2 has a buffer over-read DoS vulnerability.
- CWE(s): CWE-125
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The buffer over-read allows remote, unauthenticated exploitation that causes an application crash or resource exhaustion, which maps directly to application/system exploitation for DoS (T1499.004).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires timely remediation of known software flaws like the buffer over-read in Delta Electronics COMMGR2 via patching as per the vendor advisory.
Implements memory protection mechanisms that directly mitigate buffer over-read vulnerabilities by enforcing bounds and preventing unauthorized memory access.
Mandates validation of information inputs to enforce proper bounds checking and block malformed data that triggers the COMMGR2 buffer over-read DoS.