PatchSiren cyber security CVE debrief

CVE-2026-1950 Deltaww CVE debrief

CVE-2026-1950 is a critical vulnerability in Delta Electronics AS320T firmware affecting versions before 1.16. The issue is described as missing length checking on a buffer that handles file names, and NVD maps it to CWE-121 (stack-based buffer overflow). NVD rates the flaw 9.8/CRITICAL with a network attack vector and no privileges or user interaction required, so exposed or remotely reachable devices should be treated as urgent remediation candidates.

Vendor: Deltaww
Product: CVE-2026-1950
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-24
Original CVE updated: 2026-05-11
Advisory published: 2026-04-24
Advisory updated: 2026-05-11

Who should care

Organizations that operate Delta Electronics AS320T devices, especially if the firmware is older than 1.16 or the device is reachable over a network, should prioritize this issue. Security teams responsible for industrial or embedded device fleets should also check whether AS320T firmware is present in their inventory.

Technical summary

NVD lists the affected component as cpe:2.3:o:deltaww:as320t_firmware with vulnerable versions ending before 1.16. The weakness is identified as CWE-121, and the CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The source description says there is no length check for the buffer associated with the file name, which is consistent with a stack-based buffer overflow condition.

Defensive priority

Immediate

Recommended defensive actions

  • Inventory all Delta Electronics AS320T devices and confirm installed firmware versions.
  • Upgrade AS320T firmware to version 1.16 or later, following the vendor advisory and maintenance guidance.
  • Restrict network access to management or service interfaces until affected systems are patched.
  • Validate remediation using the vendor advisory and NVD record for CVE-2026-1950.
  • Monitor affected systems for unexpected crashes, reboots, or other instability while remediation is underway.
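The inventory and firmware-version check from the list above can be scripted. The following is an added example, not part of the NVD record or the vendor advisory; the CSV layout, asset names and status labels are constructed for illustration, and it assumes firmware version components compare as integers (so 1.9 is older than 1.16, which a plain string comparison would get wrong).

```python
import csv
import io
import re

FIXED = (1, 16)  # from the page: AS320T firmware before 1.16 is affected

# Constructed sample inventory; column names and rows are assumptions.
SAMPLE_INVENTORY = """\
asset,model,firmware,network_reachable
plc-line1,AS320T,1.9,yes
plc-line2,AS320T,1.16,yes
plc-lab,AS320T,V1.08.2,no
plc-pack,AS320T,unknown,yes
hmi-01,OTHER-MODEL,1.02,yes
"""

def parse_version(text):
    """Return the first dotted number as a tuple of ints, or None."""
    match = re.search(r"\d+(?:\.\d+)*", text)
    return tuple(int(p) for p in match.group().split(".")) if match else None

def is_vulnerable(version):
    """True if version < 1.16, compared numerically with zero padding."""
    width = max(len(version), len(FIXED))
    padded = version + (0,) * (width - len(version))
    return padded < FIXED + (0,) * (width - len(FIXED))

def triage(inventory_csv):
    """Return (asset, status) for AS320T rows, most urgent first."""
    order = {"PATCH-NOW": 0, "VERIFY": 1, "PATCH": 2, "OK": 3}
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["model"].strip().upper() != "AS320T":
            continue  # other models are outside this CVE's CPE range
        version = parse_version(row["firmware"])
        reachable = row["network_reachable"].strip().lower() == "yes"
        if version is None:
            status = "VERIFY"  # unreadable version: confirm on the device
        elif not is_vulnerable(version):
            status = "OK"
        else:
            status = "PATCH-NOW" if reachable else "PATCH"
        results.append((row["asset"], status))
    return sorted(results, key=lambda item: order[item[1]])

if __name__ == "__main__":
    for asset, status in triage(SAMPLE_INVENTORY):
        print(f"{status:10} {asset}")
```

Rows with an unreadable version are ranked above unreachable vulnerable devices so they are checked by hand and not silently treated as patched.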

Evidence notes

This debrief is based on the NVD CVE record and the linked Delta Electronics advisory referenced by NVD. NVD marks the issue as analyzed, gives it CVSS 9.8 with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, and lists CWE-121. The vulnerable CPE range is firmware before 1.16. The NVD reference list includes the vendor advisory for multiple AS320T vulnerabilities covering CVE-2026-1949 through CVE-2026-1952.

Official resources

Publicly disclosed in NVD on 2026-04-24 and updated on 2026-05-11; the vendor advisory is linked from NVD.