Description
Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability.
Published: 2026-03-09
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

Delta Electronics COMMGR2 contains a stack-based buffer overflow that can allow an attacker to overwrite return addresses and arbitrary memory locations. Based on the vulnerability type and the corresponding CWE classification, the impact is high‑severity; an attacker who can trigger the overflow could potentially execute arbitrary code with the privileges of the COMMGR2 process, leading to full system compromise. The description explicitly states a stack-based buffer overflow, but does not detail the exact trigger conditions, so it is inferred that the flaw is exploitable when input data exceeds expected bounds.

Affected Systems

All versions of DeltaWW COMMGR2 prior to v2.11.1 are potentially affected; the vendor recommends upgrading to v2.11.1 or later for a fix. No further version granularity is provided in the data, so any older build should be considered vulnerable.

Risk and Exploitability

The CVSS score of 9.8 places this flaw in the critical range, though the EPSS score of less than 1% indicates that the likelihood of exploitation is currently low. The vulnerability is not listed in CISA's KEV catalog, suggesting no known active exploitation campaigns yet. The likely attack vector is through the application’s handling of external input—an attacker could send oversized or malformed data to the COMMGR2 service, trigger the overflow, and execute malicious code; this inference is based on the described stack buffer overflow.

Generated by OpenCVE AI on April 16, 2026 at 10:24 UTC.

Remediation

Vendor Solution

Please download and upgrade COMMGR2 to v2.11.1 or later.


OpenCVE Recommended Actions

  • Upgrade COMMGR2 to version 2.11.1 or later as advised by Delta Electronics
  • If an upgrade is not immediately possible, restrict access to COMMGR2’s management interface to trusted networks only and monitor for anomalous traffic patterns that might indicate exploit attempts
  • Apply generic input validation and bounds‑checking practices to any custom extensions or configurations that interface with COMMGR2, as the underlying weakness is a lack of proper size checks (CWE‑787)

Advisories

No advisories yet.

History

Tue, 10 Mar 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
CPEs cpe:2.3:a:deltaww:commgr2:*:*:*:*:*:*:*:*

Mon, 09 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 09 Mar 2026 03:30:00 +0000

Type Values Removed Values Added
Description Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability.
Title Stack-based Buffer Overflow Vulnerability in COMMGR2
First Time appeared Deltaww
Deltaww commgr2
CPEs cpe:2.3:a:deltaww:commgr2:*:*:windows:*:*:*:*:*
Vendors & Products Deltaww
Deltaww commgr2
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Deltaww

Published:

Updated: 2026-03-09T18:27:58.403Z

Reserved: 2026-03-06T06:46:14.151Z

Link: CVE-2026-3630

Vulnrichment

Updated: 2026-03-09T18:27:54.248Z

NVD

Status: Analyzed

Published: 2026-03-09T04:15:58.373

Modified: 2026-03-10T18:48:52.193

Link: CVE-2026-3630

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T10:30:16Z

Weaknesses