CVE-2026-3094

HIGH 7.8

File Parsing Out-Of-Bounds Write in CNCSoft-G2

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

CWE	CWE-787
Vendor	deltaww
Product	cncsoft-g2
Published	Mar 4, 2026
Last Updated	Mar 18, 2026

Stay Ahead of the Next One

Get instant alerts for deltaww cncsoft-g2

Be the first to know when new high vulnerabilities affecting deltaww cncsoft-g2 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

deltaww / CNCSoft-G2

0 < 2.1.0.39

References

NVD ↗ CVE.org ↗ EPSS Data ↗

filecenter.deltaww.com: https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00004_CNCSoft-G2_File%20Parsing%20Out-Of-Bounds%20Write.pdf

Credits

🔍 Natnael Samson (@NattiSamson) working with TrendAI Zero Day Initiative CISA