cvedb.io
CVE-2026-31156
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2026-05-13T16:16:38.763 · Last modified 2026-06-17T10:33:22.290

Summary

A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled from glue_generator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to the underlying file operation functions (fopen/ifstream/ofstream) for file reading and writing. An attacker can exploit this vulnerability by constructing a malicious path to read arbitrary readable files.

Affected products

openplcproject — openplc_v3_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when openplcproject ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.