Skip to main content

Eclipse 4diac FORTE EUVDEUVD-2026-37896

| CVE-2026-9158 MEDIUM
Use After Free (CWE-416)
2026-06-18 emo@eclipse.org GHSA-j8fr-ghg4-6wpr
5.2
CVSS 4.0 · Vendor: eclipse
Share

Severity by source

Vendor (eclipse) PRIMARY
5.2 MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:X/R:X/V:X/RE:L/U:Green
vuln.today AI
8.3 HIGH

Adjacent vector matches management interface exposure; PR:N per provided CVSS 4.0; integrity and availability both High due to use-after-free corruption and crash potential; confidentiality Low for incidental memory disclosure.

3.1 AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
4.0 AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (eclipse).

CVSS VectorVendor: eclipse

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:X/R:X/V:X/RE:L/U:Green
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
P

Lifecycle Timeline

1
Analysis Generated
Jun 18, 2026 - 14:35 vuln.today

DescriptionCVE.org

In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory (use-after-free).

AnalysisAI

Use-after-free in Eclipse 4diac FORTE versions 3.0.0-3.1.0 allows adjacent, unauthenticated attackers to corrupt process memory by sending a specially crafted DELETE connection command to the management interface, leaving a dangling pointer exploitable by subsequent commands. The impact spans memory integrity corruption and availability loss (runtime crash), with a minor confidentiality exposure from stale freed-memory reads - meaningful risks in industrial automation deployments where FORTE orchestrates IEC 61499 distributed control logic. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain adjacent network access to FORTE management port
Delivery
Send crafted DELETE connection command
Exploit
Trigger dangling pointer in connection object
Execution
Issue follow-on management command
Persist
Dereference freed heap memory
Impact
Crash runtime or read stale memory contents

Vulnerability AssessmentAI

Exploitation Exploitation requires adjacent network access to the Eclipse 4diac FORTE management interface - the attacker must be on the same network segment or subnet as the target FORTE instance (AV:A). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 5.2 (Medium) reflects the Adjacent network vector (AV:A), which meaningfully constrains exploitability compared to internet-facing services - an attacker must already have layer-2 or same-subnet access to the FORTE management port. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with access to the industrial control network segment hosting a FORTE 3.0.0-3.1.0 runtime - for example, a compromised engineering workstation or a rogue device on the OT LAN - sends a specially crafted DELETE connection command to the FORTE management interface without requiring credentials. This leaves a dangling pointer in the runtime heap; the attacker then issues follow-on management commands to trigger dereference of the freed memory, causing the FORTE runtime to crash (denying PLC-equivalent process control) or achieving controlled memory reads. …
Remediation Consult the Eclipse 4diac security tracker at https://gitlab.eclipse.org/security/cve-assignment/-/work_items/109 for patch availability and the confirmed fixed version - no exact fix version was present in the source intelligence, so 'Upstream fix available per vendor tracker; released patched version not independently confirmed' is the accurate patch status. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-37896 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy