CVE-2026-3509

Published: Mar 24, 2026 Last Modified: Mar 24, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,5

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: high

Description

AI Translation Available

An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition.

134

Use of Externally-Controlled Format String

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Availability

Potential Impacts:

Read Memory Modify Memory Execute Unauthorized Code Or Commands

Applicable Platforms

Languages: C, C++, Not Language-Specific, Perl

Likelihood of Exploit: High

View CWE Details

https://certvde.com/de/advisories/VDE-2026-018

CVE-2026-3509

Description

Use of Externally-Controlled Format String

Common Consequences

Applicable Platforms

Iscriviti alla newsletter