CVE-2026-3094
Received Received - Intake
Improper File Validation in Delta CNCSoft-G2 Enables Code Execution

Publication date: 2026-03-04

Last updated on: 2026-03-06

Assigner: Deltaww

Description
Delta Electronics CNCSoft-G2Β lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-04
Last Modified
2026-03-06
Generated
2026-06-16
AI Q&A
2026-03-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-3094
EUVD
EUVD-2026-9386
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
deltaww cncsoft-g2 to 2.1.0.39 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The CVE-2026-3094 vulnerability affects the CNCSoft-G2 product by Delta Electronics, specifically versions 2.1.0.34 and earlier.

It is a high-severity out-of-bounds write vulnerability (CWE-787) related to file parsing. This means that when the software parses a user-supplied file, it can write data outside the intended memory boundaries.

This improper validation of the user-supplied file can lead to memory corruption or arbitrary code execution, allowing an attacker to execute code in the context of the current process.

Impact Analysis

If exploited, this vulnerability can allow an attacker to execute arbitrary code within the context of the CNCSoft-G2 process.

This can lead to serious impacts including compromise of the affected system, potential disruption of control systems, and unauthorized actions performed by the attacker.

Because the vulnerability involves out-of-bounds memory writes, it can cause memory corruption, which might result in crashes or unpredictable behavior.

Users are strongly advised to update to version 2.1.0.39 or later to mitigate this risk, as no workaround is available.

Compliance Impact

I don't know

Detection Guidance

There is no specific information provided about detection commands or methods to identify this vulnerability on your network or system.

Mitigation Strategies

To mitigate the CVE-2026-3094 vulnerability in Delta Electronics CNCSoft-G2, you should immediately update the software to version 2.1.0.39 or later, as this version addresses the vulnerability.

  • Avoid clicking on untrusted internet links or opening unsolicited email attachments.
  • Prevent exposure of control systems and equipment to the internet.
  • Place systems behind firewalls and isolate them from business networks.
  • Use secure remote access methods such as VPNs.

Contact Delta Electronics customer service for additional support and guidance.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3094. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart