MEDIUM
EIPStackGroup
CVE published 2026-05-18
CVE-2026-38719
A medium-severity out-of-bounds read vulnerability exists in OpENer v2.3-558-g1e99582, an open-source EtherNet/IP stack implementation. The flaw resides in the Common Packet Format (CPF) parser within `CreateCommonPacketFormatStructure()` in `source/src/enet_encap/cpf.c`. An attacker can craft a malicious ENIP/CPF message with a manipulated `item_count` value that is not consistently validated against the [truncated]