Skip to main content

OpenPLC v3 EUVDEUVD-2026-29960

| CVE-2026-31156 MEDIUM
Path Traversal (CWE-22)
2026-05-13 mitre GHSA-p6vg-5mm7-744x
6.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
May 14, 2026 - 15:22 vuln.today
CVSS changed
May 14, 2026 - 15:22 NVD
6.5 (MEDIUM)
CVE Published
May 13, 2026 - 00:00 nvd
UNKNOWN (no severity yet)
CVE Published
May 13, 2026 - 00:00 nvd
MEDIUM 6.5

DescriptionCVE.org

A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled from glue_generator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to the underlying file operation functions (fopen/ifstream/ofstream) for file reading and writing. An attacker can exploit this vulnerability by constructing a malicious path to read arbitrary readable files.

AnalysisAI

Path traversal in OpenPLC v3 allows authenticated remote attackers to read arbitrary files via unvalidated file path parameters passed to the glue_generator binary. The vulnerability affects command-line input handling in the compiled binary derived from glue_generator.cpp, where user-controlled paths are passed directly to file operation functions (fopen, ifstream, ofstream) without validation. Exploitation requires authentication but no user interaction, and no public exploit code has been identified at the time of analysis.

Technical ContextAI

The vulnerability stems from CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) in OpenPLC v3's glue_generator binary. The glue_generator.cpp source code compiles into an executable that accepts file path parameters via command-line arguments. These paths are passed directly to C++ standard library file operations (ifstream for reading, ofstream for writing) and C standard I/O functions (fopen) without any path canonicalization, validation, or restriction to an intended directory. This allows attackers to use path traversal sequences (e.g., '../../../etc/passwd') to access files outside the intended scope, leveraging the privileges of the OpenPLC process.

RemediationAI

Patch availability and version-specific remediation details are not provided in the available data. Organizations using OpenPLC v3 should consult the OpenPLC project's GitHub repository (https://github.com/thiagoralves/OpenPLC_v3) and official advisories for patched versions. Immediate compensating controls include: (1) Restrict command-line execution of the glue_generator binary to trusted administrators only via OS-level access controls (e.g., file permissions, SELinux policies); (2) Implement network segmentation to limit remote access to OpenPLC systems to authenticated, trusted management networks; (3) Monitor file access patterns and system logs for suspicious path traversal attempts (sequences containing '../' in glue_generator invocations); (4) If available, review source code patches in the GitHub repository for manual remediation guidance. The primary mitigation depends on a vendor-released patch validating all file path inputs before use in file operations.

More in N A

View all
CVE-2026-31072 CRITICAL POC
9.8 May 19

Remote code execution in APScheduler (all versions through 3.10.x and 4.0.0a5) is achievable when applications deseriali

CVE-2026-36356 CRITICAL POC
9.1 May 05

Unauthenticated remote OS command injection in MeiG Smart FORGE_SLT711 cellular gateway firmware MDM9607.LE.1.0-00110-ST

CVE-2026-31071 CRITICAL POC
9.1 May 19

Unauthenticated API access in LalanaChami Pharmacy Management System (commit 5c3d028) allows remote attackers to dump al

CVE-2025-66391 HIGH POC
8.8 Jun 17

In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o

CVE-2026-26740 HIGH POC
8.2 Mar 18

Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when

CVE-2025-60464 HIGH POC
7.8 Jun 25

Denial of service in GPAC's MP4Box multimedia tool (versions before 26.02.0) arises from a use-after-free in the gf_sei_

CVE-2026-36355 HIGH POC
7.7 May 05

Arbitrary kernel memory read/write in Realtek rtl819x Jungle SDK Wi-Fi driver allows local unprivileged attackers to acc

CVE-2025-60474 HIGH POC
7.5 Jun 24

Denial of service in GPAC's MP4Box/libgpac media importer (versions before 26.02.0) lets an attacker crash the tool by s

CVE-2026-38639 HIGH POC
7.5 Jun 26

An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of S

CVE-2026-38641 HIGH POC
7.5 Jun 26

Denial of service in relibc (the Redox OS C standard library) at commit 61f42d allows attackers to crash a process by ge

CVE-2026-38637 HIGH POC
7.5 Jun 25

An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of S

CVE-2026-38640 HIGH POC
7.5 Jun 25

Denial of service in relibc (the Redox OS C standard library implementation, commit 61f42d) lets attackers crash a proce

Share

EUVD-2026-29960 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy