PT-2025-40533 · Autonomy Logic · Openplc Runtime

Eyodav · Published 2025-10-03 · Updated 2025-11-13 · CVE-2025-34226

CVSS v4.0: 7.1 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: OpenPLC Runtime version 3

Description: The software contains an input validation flaw in the /upload-program-action API endpoint. The epoch time parameter submitted with a program upload is not validated, potentially leading to corruption of the programs database. After a successful exploit the runtime continues to operate until it is restarted, at which point it may fail to start because of the database corruption, resulting in a denial of service. Recovery requires a complete rebase of the product.

Recommendations: Update to a version that includes commit 095ee09 (full hash 095ee09623dd229b64ad3a1db38a901a3772f6fc).
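
One way to validate an epoch time field before it reaches a programs database, shown as an added example; it is not OpenPLC's code and not the change made in commit 095ee09. The function names, the accepted range and the table layout are assumptions, and the input strings are constructed.

```python
import sqlite3
from datetime import datetime, timezone

# Assumed bounds (not from the advisory): no uploads before 2000-01-01,
# and none more than one day ahead of the server clock.
MIN_EPOCH = 946684800
MAX_FUTURE_SKEW = 86400


def parse_epoch_time(raw, now=None):
    """Return the upload time as an int, or raise ValueError."""
    if not isinstance(raw, str):
        raise ValueError("epoch time must be a single text field")
    text = raw.strip()
    # ASCII digits only: rejects signs, floats, exponents, hex, empty input
    # and Unicode digits that int() would otherwise accept.
    if not (text.isascii() and text.isdigit()) or len(text) > 12:
        raise ValueError("epoch time must be a plain decimal integer")
    value = int(text)
    now = int(datetime.now(timezone.utc).timestamp()) if now is None else now
    if not MIN_EPOCH <= value <= now + MAX_FUTURE_SKEW:
        raise ValueError("epoch time outside the accepted range")
    # Final guard: the stored value must be convertible when read back.
    datetime.fromtimestamp(value, timezone.utc)
    return value


def store_upload(db, name, raw_epoch, now=None):
    """Validate first, then insert; a rejected request never touches the DB."""
    epoch = parse_epoch_time(raw_epoch, now)
    with db:  # commit on success, roll back on error
        db.execute("INSERT INTO programs (name, date_upload) VALUES (?, ?)", (name, epoch))
    return epoch


def demo():
    """Run constructed inputs against an in-memory table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE programs (name TEXT, date_upload INTEGER NOT NULL)")
    now = 1760000000  # constructed "current time" for a repeatable run
    rejected = []
    for raw in ["1759500000", "", "abc", "-1", "1e9", "99999999999999999999", "17595e5"]:
        try:
            store_upload(db, "blink.st", raw, now)
        except ValueError:
            rejected.append(raw)
    rows = db.execute("SELECT date_upload FROM programs").fetchall()
    return rows, rejected
```

Only the first constructed value is stored; every malformed or out-of-range value is refused before any write, so the table never holds a timestamp that cannot be read back.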

Exploit

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-34226

Affected Products

Openplc Runtime