Use-After-Free Vulnerability in Eclipse 4diac FORTE Management Interface
CVE-2026-9158

5.2 MEDIUM

Key Information:

Vendor
CVE Published: 18 June 2026

What is CVE-2026-9158?

A use-after-free vulnerability in the management interface of Eclipse 4diac FORTE, present in versions 3.0.0 through 3.1.0, can be triggered by a specially crafted DELETE connection command. The command leaves a dangling pointer, so subsequent commands operate on freed memory, which may allow unauthorized access to sensitive data or manipulation of system behavior.

Affected Version(s)

Eclipse 4diac 3.0.0 <= 3.1.0

CVSS V4

Score: 5.2
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Cool Klaur @klaurx