CVE-2026-3630: Critical Buffer Overflow in Delta Electronics COMMGR2 Enables Remote Code Execution

  • securityboulevard.com
  • published date: 2026-03-19 00:00:00 UTC

<div data-elementor-type="wp-post" data-elementor-id="10723" class="elementor elementor-10723" data-elementor-post-type="post"> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-4b3a23b e-con-full e-flex e-con e-parent" data-id="4b3a23b" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-c3745e6 elementor-widget elementor-widget-heading" data-id="c3745e6" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h2 class="elementor-heading-title elementor-size-default">Key Takeaways</h2> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-d61cfc8 e-con-full e-flex e-con e-parent" data-id="d61cfc8" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-1cc3550 elementor-widget elementor-widget-text-editor" data-id="1cc3550" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <ul> <li>CVSS v3.1 base score of 9.8 (Critical) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, according to the CNA</li> <li>Delta Electronics COMMGR2 contains an out-of-bounds write vulnerability (CWE-787) enabling unauthenticated remote code execution</li> <li>NVD lists the vulnerability as analyzed; vendor advisory Delta-PCSA-2026-00005 is available addressing multiple COMMGR2 vulnerabilities</li> <li>No evidence of active exploitation in the wild; specific affected versions and patches detailed in vendor advisory</li> </ul></div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-7922e98 e-con-full e-flex e-con e-parent" data-id="7922e98" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-32cc4f0 elementor-widget elementor-widget-heading" data-id="32cc4f0" 
data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h2 class="elementor-heading-title elementor-size-default">CVE-2026-3630: What Happened?</h2> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-7b5767d e-con-full e-flex e-con e-parent" data-id="7b5767d" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-af4318e elementor-widget elementor-widget-text-editor" data-id="af4318e" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>CVE-2026-3630 is a critical out-of-bounds write vulnerability in Delta Electronics COMMGR2, an industrial communication and engineering support component. NVD lists CWE-787 (Out-of-bounds Write), sourced from the CNA. The vulnerability enables remote attackers to execute arbitrary code without authentication or user interaction.</p> <p>The CVSS v3.1 vector components AV:N/AC:L/PR:N/UI:N indicate a network-accessible flaw with low attack complexity that requires no privileges or user interaction. Together with the high impact ratings (C:H/I:H/A:H), this earns it a Critical 9.8 rating. 
Successful attacks could lead to full compromise of confidentiality, integrity, and availability on affected systems.</p> <p>In response, Delta Electronics has released a Product Cybersecurity Advisory (Delta-PCSA-2026-00005) addressing this vulnerability alongside CVE-2026-3631, indicating joint disclosure of multiple COMMGR2 security issues.</p> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-fbe0a75 e-con-full e-flex e-con e-parent" data-id="fbe0a75" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-9271f5c elementor-widget elementor-widget-heading" data-id="9271f5c" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h2 class="elementor-heading-title elementor-size-default">Who’s Affected?</h2> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-6b89f6a e-con-full e-flex e-con e-parent" data-id="6b89f6a" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-998466b elementor-widget elementor-widget-text-editor" data-id="998466b" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>The vulnerability affects Delta Electronics COMMGR2 software, which is commonly deployed in industrial automation environments, including the manufacturing, building automation, energy, and logistics sectors. COMMGR2 typically runs on engineering workstations and servers that support Delta’s industrial control systems and automation equipment.</p> <p>Organizations using Delta automation products should consult the vendor’s Product Cybersecurity Advisory Delta-PCSA-2026-00005 for specific affected version ranges and patch information. 
Because the vulnerability is reachable over the network, systems with COMMGR2 exposed to network traffic are at the highest risk.</p> <p>Industrial environments where COMMGR2 is installed on operator or engineering workstations may face particular risk, as successful exploitation could enable attackers to pivot into operational technology (OT) networks or manipulate industrial control configurations.</p> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-60e74a5 e-con-full e-flex e-con e-parent" data-id="60e74a5" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-9fec738 elementor-widget elementor-widget-heading" data-id="9fec738" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h2 class="elementor-heading-title elementor-size-default">Want to Learn More?</h2> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-40b423a e-con-full e-flex e-con e-parent" data-id="40b423a" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-c1ba1ef elementor-widget elementor-widget-text-editor" data-id="c1ba1ef" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>Contact us at <a href="https://www.praetorian.com/contact/">Praetorian</a> to learn how our offensive security team can help you assess your exposure to CVE-2026-3630 and other emerging threats.</p> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-c3d038d e-con-full e-flex e-con e-parent" data-id="c3d038d" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-2f1ae9b elementor-widget elementor-widget-heading" data-id="2f1ae9b" 
data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h2 class="elementor-heading-title elementor-size-default">References</h2> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-4741609 e-con-full e-flex e-con e-parent" data-id="4741609" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-7aa6937 elementor-widget elementor-widget-text-editor" data-id="7aa6937" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <ul> <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-3630" rel="noopener noreferrer">NVD — CVE-2026-3630</a></li> <li><a href="https://www.cisa.gov/news-events/ics-advisories/icsa-25-240-05" rel="noopener noreferrer">CISA Advisory</a></li> <li><a href="https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-07" rel="noopener noreferrer">CISA Advisory</a></li> </ul></div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-3d477fe e-con-full e-flex e-con e-parent" data-id="3d477fe" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-1158cf6 elementor-widget elementor-widget-heading" data-id="1158cf6" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h2 class="elementor-heading-title elementor-size-default">Disclaimer</h2> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-2742f51 e-con-full e-flex e-con e-parent" data-id="2742f51" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-05026e7 elementor-widget elementor-widget-text-editor" data-id="05026e7" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p><em>The information presented 
reflects our best understanding as of the publication date based on publicly available advisories, NVD data, and vendor disclosures. Details may evolve as new information becomes available. We will update this post if material changes occur. Praetorian makes no guarantees regarding the completeness or accuracy of third-party disclosures referenced herein.</em></p> </div> </div> </div><p>The post <a href="https://www.praetorian.com/blog/cve-2026-3630/">CVE-2026-3630: Critical Buffer Overflow in Delta Electronics COMMGR2 Enables Remote Code Execution</a> appeared first on <a href="https://www.praetorian.com/">Praetorian</a>.</p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.praetorian.com/blog/">Offensive Security Blog: Latest Trends in Hacking | Praetorian</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by n8n-publisher">n8n-publisher</a>. Read the original post at: <a href="https://www.praetorian.com/blog/cve-2026-3630/">https://www.praetorian.com/blog/cve-2026-3630/</a> </p>