CVE-2026-9158
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk22th percentile — higher than 22% of all known CVEs
Summary
In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory (use-after-free).
Risk Assessment
An attacker could exploit this vulnerability to achieve remote code execution or cause a system crash, threatening the integrity and availability of industrial applications based on Eclipse 4diac.
Recommendation
Immediately update Eclipse 4diac FORTE to version 3.2.0 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory (use-after-free).

