Out-of-Bounds Read Vulnerability in OpENer by EIPStackGroup
CVE-2026-38719

6.2MEDIUM

Key Information:

Vendor: EIPStackGroup
Status: OpENer
Vendor: CVE Published:; 18 May 2026

🔔 Create EIPStackGroup Vulnerability Alert

What is CVE-2026-38719?

The OpENer product version v2.3-558-g1e99582 contains a vulnerability within its Common Packet Format (CPF) parser. This issue arises in the CreateCommonPacketFormatStructure() function, where the item_count value can be targeted by an attacker through crafted ENIP/CPF messages. Due to insufficient validation of the item_count against the actual data_length of the CPF slice, this creates a risk of out-of-bounds read, which could potentially lead to unauthorized access or manipulation of sensitive data. Security measures should be implemented to validate all user inputs and ensure data integrity.

References

https://github.com/EIPStackGroup/OpENer

https://github.com/EIPStackGroup/OpENer/issues/558

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 18, 2026
Vulnerability Reserved
Apr 6, 2026

CVE-2026-38719 Data

JSON