Summary
| Parameter | Value |
|---|---|
| CVE ID | CVE-2026-1951 |
| Alert Source | GitHub Advisory - Critical Vulnerability |
| CVE Publication Year | 2026 |
| Date Published | 2026-04-24 |
| Vendor | Delta Electronics |
| Product | AS320T |
| CVSS Score | 9.8 (critical) |
| EPSS Score | No data |
| CISA KEV | No |
| Ransomware | Not confirmed |
Vulnerability Description
Delta Electronics AS320T has no checking of the length of the buffer with the directory name, leading to a buffer overflow vulnerability.
Required Actions
Contact Delta Electronics to obtain a firmware update for the AS320T. Until the patch is deployed, isolate PLCs from the IT network (OT/IT segmentation), block access to AS320T network services from anything other than trusted engineering workstations, and monitor traffic for requests with excessively long directory paths.
Who Is Affected?
This vulnerability affects the Delta Electronics AS320T PLC. Check whether your organization uses this PLC in an OT/ICS environment and immediately apply network mitigations and a vendor firmware update.
Sources
Need help securing your systems? nFlo team offers vulnerability management and 24/7 SOC services. Contact us.
