PatchSiren cyber security CVE debrief
CVE-2026-1952 Deltaww CVE debrief
CVE-2026-1952 is a critical-severity vulnerability affecting Delta Electronics AS320T firmware. NVD describes it as a denial-of-service issue tied to an undocumented subfunction, with a network attack vector and no privileges or user interaction required. The NVD record also lists vulnerable AS320T firmware versions prior to 1.16. For industrial or OT environments, this is most important where the device is exposed on reachable networks or supports operationally sensitive functions.
- Vendor
- Deltaww
- Product
- CVE-2026-1952
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-24
- Original CVE updated
- 2026-05-11
- Advisory published
- 2026-04-24
- Advisory updated
- 2026-05-11
Who should care
Organizations operating Delta Electronics AS320T devices, especially OT/industrial control teams, plant engineers, and asset owners running firmware versions prior to 1.16. Security teams responsible for segmentation, patching, and availability monitoring should treat this as high priority because the issue can be triggered remotely and may disrupt device availability.
Technical summary
According to the NVD record and the linked Delta advisory, CVE-2026-1952 affects AS320T firmware versions earlier than 1.16. The vulnerability is associated with CWE-912 and is described as a denial-of-service condition involving an undocumented subfunction. NVD assigns CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reflecting a remotely reachable issue with no authentication or user action required. The practical impact is service disruption and potential loss of availability for affected devices.
Defensive priority
Critical. Remote, unauthenticated, low-complexity exposure combined with industrial device availability impact makes this a top-priority remediation item for any environment using affected firmware.
Recommended defensive actions
- Upgrade Delta Electronics AS320T firmware to version 1.16 or later, using the vendor guidance referenced in the advisory.
- Confirm whether any deployed AS320T units are running firmware versions earlier than 1.16 and prioritize those assets for remediation.
- Reduce exposure by limiting network access to the device to only trusted management and operational segments.
- Monitor for abnormal resets, hangs, or loss-of-service conditions affecting AS320T units.
- If immediate patching is not possible, apply vendor-recommended compensating controls and document the risk until remediation is complete.
Evidence notes
Source evidence comes from the official NVD record for CVE-2026-1952 and its linked Delta Electronics vendor advisory. NVD states the vulnerable firmware range as versions before 1.16 and lists a vendor advisory PDF as a reference. The CVE was published on 2026-04-24 and last modified on 2026-05-11; those dates are used here as the disclosure timeline.
Official resources
-
CVE-2026-1952 CVE record
CVE.org
-
CVE-2026-1952 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
759f5e80-c8e1-4224-bead-956d7b33c98b - Vendor Advisory
Publicly disclosed on 2026-04-24 via the official CVE/NVD record, with a vendor advisory referenced in the NVD entry. The record was last modified on 2026-05-11.