Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled from glue_generator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to the underlying file operation functions (fopen/ifstream/ofstream) for file reading and writing. An attacker can exploit this vulnerability by constructing a malicious path to read arbitrary readable files.
AnalysisAI
Path traversal in OpenPLC v3 allows authenticated remote attackers to read arbitrary files via unvalidated file path parameters passed to the glue_generator binary. The vulnerability affects command-line input handling in the compiled binary derived from glue_generator.cpp, where user-controlled paths are passed directly to file operation functions (fopen, ifstream, ofstream) without validation. Exploitation requires authentication but no user interaction, and no public exploit code has been identified at the time of analysis.
Technical ContextAI
The vulnerability stems from CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) in OpenPLC v3's glue_generator binary. The glue_generator.cpp source code compiles into an executable that accepts file path parameters via command-line arguments. These paths are passed directly to C++ standard library file operations (ifstream for reading, ofstream for writing) and C standard I/O functions (fopen) without any path canonicalization, validation, or restriction to an intended directory. This allows attackers to use path traversal sequences (e.g., '../../../etc/passwd') to access files outside the intended scope, leveraging the privileges of the OpenPLC process.
RemediationAI
Patch availability and version-specific remediation details are not provided in the available data. Organizations using OpenPLC v3 should consult the OpenPLC project's GitHub repository (https://github.com/thiagoralves/OpenPLC_v3) and official advisories for patched versions. Immediate compensating controls include: (1) Restrict command-line execution of the glue_generator binary to trusted administrators only via OS-level access controls (e.g., file permissions, SELinux policies); (2) Implement network segmentation to limit remote access to OpenPLC systems to authenticated, trusted management networks; (3) Monitor file access patterns and system logs for suspicious path traversal attempts (sequences containing '../' in glue_generator invocations); (4) If available, review source code patches in the GitHub repository for manual remediation guidance. The primary mitigation depends on a vendor-released patch validating all file path inputs before use in file operations.
Remote code execution in APScheduler (all versions through 3.10.x and 4.0.0a5) is achievable when applications deseriali
Unauthenticated remote OS command injection in MeiG Smart FORGE_SLT711 cellular gateway firmware MDM9607.LE.1.0-00110-ST
Unauthenticated API access in LalanaChami Pharmacy Management System (commit 5c3d028) allows remote attackers to dump al
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o
Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when
Denial of service in GPAC's MP4Box multimedia tool (versions before 26.02.0) arises from a use-after-free in the gf_sei_
Arbitrary kernel memory read/write in Realtek rtl819x Jungle SDK Wi-Fi driver allows local unprivileged attackers to acc
Denial of service in GPAC's MP4Box/libgpac media importer (versions before 26.02.0) lets an attacker crash the tool by s
An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of S
Denial of service in relibc (the Redox OS C standard library) at commit 61f42d allows attackers to crash a process by ge
An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of S
Denial of service in relibc (the Redox OS C standard library implementation, commit 61f42d) lets attackers crash a proce
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29960
GHSA-p6vg-5mm7-744x