CVE-2026-15105
davenardella snap7 ReadVar Request s7_server.cpp PerformFunctionRead deserialization
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7_server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
| CWE | CWE-502 CWE-20 |
| Vendor | davenardella |
| Product | snap7 |
| Published | Jul 8, 2026 |
| Last Updated | Jul 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for davenardella snap7
Be the first to know when new medium vulnerabilities affecting davenardella snap7 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
davenardella / snap7
1.4.0 1.4.1 1.4.2 1.4.3
References
vuldb.com: https://vuldb.com/vuln/376946 vuldb.com: https://vuldb.com/vuln/376946/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15105 vuldb.com: https://vuldb.com/submit/851026 github.com: https://github.com/davenardella/snap7/issues/16 github.com: https://github.com/user-attachments/files/28681740/poc.zip github.com: https://github.com/davenardella/snap7/
Credits
Chuan Wei ๐ VULL (VulDB User) VULL (VulDB User) VulDB CNA Team