What is the CVSS score of CVE-2026-1951?

CVE-2026-1951 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Delta AS320T are affected by CVE-2026-1951?

Delta Electronics AS320T industrial automation controllers are vulnerable to unauthenticated remote code execution via a directory name buffer overflow (CVE-2026-1951, CVSS 9.8).

How to fix or mitigate CVE-2026-1951?

Within 24 hours: Inventory all Delta Electronics AS320T devices in your environment and document network accessibility (direct internet exposure, accessible from untrusted networks). Immediately isolate any internet-facing AS320T instances to trusted administrative networks only. Within 7 days: Implement network segmentation-restrict AS320T access to authorized engineering networks only; deploy firewall rules blocking external connections to AS320T ports; enable network monitoring/IDS signatures for exploitation attempts. Monitor Delta Electronics security advisories (reference PCSA-2026-00006) daily for patch release. Within 30 days: Once vendor releases a patched firmware version, plan and execute updates in maintenance windows, prioritizing internet-exposed devices first.

Delta AS320T CVE-2026-1951

EUVD-2026-25403 CRITICAL

Stack-based Buffer Overflow (CWE-121)

2026-04-24 Deltaww

GHSA-cc2v-9v42-3c8q

Buffer Overflow Stack Overflow

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 24, 2026 - 07:22 vuln.today

cvss_changed

Analysis Generated

Apr 24, 2026 - 07:00 vuln.today

EUVD ID Assigned

Apr 24, 2026 - 06:45 euvd

EUVD-2026-25403

Analysis Generated

Apr 24, 2026 - 06:45 vuln.today

CVE Published

Apr 24, 2026 - 06:13 nvd

CRITICAL 9.8

DescriptionNVD

Delta Electronics AS320T has no checking of the length of the buffer with the directory name

vulnerability.

AnalysisAI

Unchecked directory name buffer in Delta Electronics AS320T enables remote code execution without authentication. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms this is a remotely exploitable stack buffer overflow (CWE-121) requiring no user interaction or credentials. …

RemediationAI

Within 24 hours: Inventory all Delta Electronics AS320T devices in your environment and document network accessibility (direct internet exposure, accessible from untrusted networks). Immediately isolate any internet-facing AS320T instances to trusted administrative networks only. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-1951 vulnerability details – vuln.today

Back

Delta AS320T CVE-2026-1951

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code