Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-14480— OpenPLC v3 External Control of File Name or Path

CVSS 9.9 · Critical EPSS 0.62% · P45

Affected Version Matrix 2

VendorProductVersion RangeStatus
OpenPLCOpenPLCv3affected
v4unaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-14480

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
OpenPLC v3 External Control of File Name or Path
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename (prog_file) directly into the Programs.File database field and later uses this value as the destination path for an uploaded file without validating or restricting the path. Because Python os.path.join() honors attacker‑controlled absolute paths, an authenticated user can write arbitrary files anywhere writable by the OpenPLC webserver process. In the default build pipeline, all C++ source files within the OpenPLC runtime core directory are automatically compiled into the executable runtime binary. By writing a malicious .cpp file into this directory, an authenticated attacker can escalate the arbitrary file write into arbitrary native code execution when the operator triggers a normal program compilation and runtime start.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
文件名或路径的外部可控制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Autonomy OpenPLC Runtime 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Autonomy OpenPLC Runtime是Autonomy公司的一款工业控制运行时软件。 Autonomy OpenPLC Runtime v3版本存在输入验证错误漏洞,该漏洞源于在legacy web UI程序上传流程中未验证或限制文件路径,直接将攻击者提供的文件名(prog_file)存入数据库并用作上传文件的目标路径,因此攻击者可以写入任意文件到webserver进程可写的位置。通过将恶意.cpp文件写入OpenPLC运行时核心目录,该文件会被编译进可执行运行时二进制文件,导致攻击者可将任意
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
OpenPLCOpenPLC v3 -

II. Public POCs for CVE-2026-14480

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-14480

登录查看更多情报信息。

Vendor Advisories for CVE-2026-14480 (2)

IV. Related Vulnerabilities

V. Comments for CVE-2026-14480

No comments yet


Leave a comment