CVE-2026-9158

In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory (use-after-free).
Configurations

Configuration 1 (hide)

cpe:2.3:a:eclipse:4diac_forte:*:*:*:*:*:*:*:*

History

02 Jul 2026, 20:04

Type Values Removed Values Added
CPE cpe:2.3:a:eclipse:4diac_forte:*:*:*:*:*:*:*:*
References () https://gitlab.eclipse.org/security/cve-assignment/-/work_items/109 - () https://gitlab.eclipse.org/security/cve-assignment/-/work_items/109 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
First Time Eclipse 4diac Forte
Eclipse

18 Jun 2026, 16:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-18 14:17

Updated : 2026-07-02 20:04


NVD link : CVE-2026-9158

Mitre link : CVE-2026-9158

CVE.ORG link : CVE-2026-9158


JSON object : View

Products Affected

eclipse

  • 4diac_forte
CWE
CWE-416

Use After Free