Eclipse 4diac FORTE 3.0-3.1 UAF via DELETE conn cmd in mgmt interface
CVE-2026-9158 Published on June 18, 2026

In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory (use-after-free).

NVD

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2026-9158 has been classified as a Dangling pointer vulnerability or weakness.


Affected Versions

Eclipse Foundation Eclipse 4diac: