{"vulnerability": "CVE-2026-51537", "sightings": [{"uuid": "8e4a8b36-f99b-4de1-a187-f792c9b5b4db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51537", "type": "seen", "source": "https://gist.github.com/MrAlaskan/a5fb0fb7765c9df80d28220ed558f04e", "content": "# Security Advisory: CVE-2026-51537\n\n## Vulnerability Information\n* **CVE ID:** CVE-2026-51537\n* **Vendor:** EIPStackGroup\n* **Product:** OpENer (Version 2.3.0, commit 76b95cf)\n* **Vulnerability Type:** CWE-125: Out-of-bounds Read\n* **Attack Type:** Remote, Unauthenticated\n* **Impact:** Denial of Service (DoS)\n\n## Description\nAn out-of-bounds read vulnerability exists in the Connection Manager handling of ForwardOpen requests in OpENer 2.3.0. A remotely crafted malformed CIP ForwardOpen request may cause the parser to read beyond the valid request buffer, leading to a Denial of Service condition.\n\n## Affected Component\nThe vulnerability affects the Connection Manager and related message parsing logic, including `source/src/cip/cipconnectionmanager.c`, `source/src/cip/cipconnectionobject.c`, and `source/src/enet_encap/endianconv.c`, specifically the `ForwardOpenRoutine`, `ConnectionObjectInitializeFromMessage`, and low-level message read helper functions such as `GetByteFromMessage`.\n\n## Attack Vectors\nAn unauthenticated, remote attacker with network access to the target OpENer instance can exploit this vulnerability by connecting to the EtherNet/IP TCP port, typically TCP/44818, and completing session registration.\n\nThe attacker can then send a crafted `SendRRData` packet carrying a malformed `ForwardOpen` or `LargeForwardOpen` request. Due to insufficient validation of the remaining request length during parsing, the malformed request may cause the parser to read beyond the valid input buffer.\n\nSuccessful exploitation can crash the OpENer process and deny service to legitimate industrial communication clients.\n\n## References\n* GitHub Issue: https://github.com/EIPStackGroup/OpENer/issues/564", "creation_timestamp": "2026-07-09T03:36:14.618242Z"}]}