CVE-2026-38719

Name of the Vulnerable Software and Affected Versions OpENer version 2.3-558-g1e99582

Description An out-of-bounds read exists in the Common Packet Format (CPF) parser, specifically within the CreateCommonPacketFormatStructure() function located in source/src/enet encap/cpf.c. This occurs when a crafted ENIP/CPF message provides an attacker-controlled item count value that is not consistently validated against the remaining data length of the CPF slice.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.