ACCORDING to CISA, successful exploitation of the vulnerability could allow an attacker to achieve remote code execution on the Delta Electronics CNCSoft-G2 device. The affected product is Delta Electronics CNCSoft-G2, with versions prior to V2.1.0.39 vulnerable to an Out-of-Bounds Write while parsing DPAX files in the DOPSoft component, corresponding to CVE-2026-3094 and a CVSS v3.1 base score of 7.8.
Delta Electronics recommends updating to Version 2.1.0[.]39, available from the Delta Electronics download centre, and provides a related security advisory Delta-PCSA-2026-00004 in PDF format. The advisory notes no known public exploitation targeting this vulnerability reported to CISA at this time, and states the vulnerability is not exploitable remotely.