CVE-2026-3631
Buffer Over-read DoS in Delta Electronics COMMGR
Publication date: 2026-03-09
Last updated on: 2026-03-10
Assigner: Deltaww
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| deltaww | commgr2 | to 2.11.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate the risk of CVE-2026-3631, users are strongly advised to upgrade Delta Electronics COMMGR 2 to version v2.11.1 or later, as the vulnerability has been corrected in these versions.
- Avoid clicking on untrusted internet links or opening unsolicited email attachments.
- Prevent exposure of control systems and equipment to the internet.
- Place systems behind firewalls and isolate them from business networks.
- Use secure remote access methods such as VPNs.
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-3631 is a high-severity out-of-bounds read vulnerability (CWE-125) affecting Delta Electronics' product COMMGR 2, specifically versions v2.11.0 and earlier."}, {'type': 'paragraph', 'content': 'This vulnerability allows the software to read memory beyond the intended buffer boundaries, which can lead to a Denial of Service (DoS) condition.'}, {'type': 'paragraph', 'content': 'It is part of multiple issues identified in COMMGR 2, and has been fixed in version v2.11.1 and later.'}] [1]
How can this vulnerability impact me? :
The vulnerability can cause a Denial of Service (DoS) by triggering a buffer over-read, which may crash the affected system or disrupt its normal operation.
Since the vulnerability does not impact confidentiality or integrity directly, the main impact is availability loss of the affected COMMGR 2 system.
This can affect control systems and equipment managed by COMMGR 2, potentially leading to operational downtime.
To mitigate this risk, users should upgrade to COMMGR 2 version v2.11.1 or newer and follow security best practices such as isolating systems from business networks and using secure remote access.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.