Cyber Resilience

CVE-2026-3631

High

Published: 09 March 2026

Modified: 10 March 2026
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0002 (5.9th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-3631 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Deltaww Commgr2. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 5.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-3631 is a buffer over-read vulnerability (CWE-125) affecting Delta Electronics COMMGR2 software. Published on March 9, 2026, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating a high-severity denial-of-service risk due to improper bounds checking during data processing.

Remote attackers require no authentication or user interaction and face low attack complexity to exploit the flaw over the network. Successful exploitation triggers a buffer over-read, leading to application crashes or resource exhaustion that severely impacts availability, while confidentiality and integrity remain unaffected.

Delta Electronics has released security advisory PCSA-2026-00005, detailing this vulnerability alongside CVE-2026-3630. Security practitioners should review the advisory document at https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00005_COMMGR%202%20Multiple%20Vulnerabilities%20(CVE-2026-3630,%20CVE-2026-3631).pdf for recommended mitigations and patching guidance.

Vulnerability details

Delta Electronics COMMGR2 has a Buffer Over-read DoS vulnerability.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Buffer over-read enables remote unauthenticated exploitation causing application crash/resource exhaustion, directly mapping to application/system exploitation for DoS (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-3630 · Same product: Deltaww Commgr2
CVE-2026-23388 · Shared CWE-125
CVE-2025-24265 · Shared CWE-125
CVE-2025-21717 · Shared CWE-125
CVE-2026-6918 · Shared CWE-125
CVE-2026-25942 · Shared CWE-125
CVE-2024-46670 · Shared CWE-125
CVE-2026-48132 · Shared CWE-125
CVE-2026-22023 · Shared CWE-125
CVE-2025-1673 · Shared CWE-125

Affected Assets

Vendor: deltaww · Product: commgr2 · Versions: ≤ 2.11.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely remediation of known software flaws like the buffer over-read in Delta Electronics COMMGR2 via patching as per the vendor advisory.

prevent

Implements memory protection mechanisms that directly mitigate buffer over-read vulnerabilities by enforcing bounds and preventing unauthorized memory access.

prevent

Mandates validation of information inputs to enforce proper bounds checking and block malformed data that triggers the COMMGR2 buffer over-read DoS.
