๐Ÿ” CVE Alert

CVE-2026-15105

MEDIUM 6.3

davenardella snap7 ReadVar Request s7_server.cpp PerformFunctionRead deserialization

CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th

A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7_server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE CWE-502 CWE-20
Vendor davenardella
Product snap7
Published Jul 8, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for davenardella snap7

Be the first to know when new medium vulnerabilities affecting davenardella snap7 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

davenardella / snap7
1.4.0 1.4.1 1.4.2 1.4.3

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/376946 vuldb.com: https://vuldb.com/vuln/376946/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15105 vuldb.com: https://vuldb.com/submit/851026 github.com: https://github.com/davenardella/snap7/issues/16 github.com: https://github.com/user-attachments/files/28681740/poc.zip github.com: https://github.com/davenardella/snap7/

Credits

Chuan Wei ๐Ÿ” VULL (VulDB User) VULL (VulDB User) VulDB CNA Team