CVE-2026-31156

Name of the Vulnerable Software and Affected Versions OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a)

Description A path injection issue exists in the binary program compiled from glue generator.cpp. The software fails to validate file path parameters passed via the command line, specifically the varName and varType parameters. These user-controlled inputs are passed directly to file operation functions such as fopen(), ifstream, and ofstream, allowing a remote attacker to read and write arbitrary files by constructing malicious paths.

Recommendations For version 2c82b0e79c53f8c1f1458eee15fec173400d6e1a, restrict access to the binary compiled from glue generator.cpp to prevent unauthorized command-line input. At the moment, there is no information about a newer version that contains a fix for this vulnerability.