Skip to content
Threat Feed
high advisory

CODESYS Control Runtime System Audit Log DoS Vulnerability (CVE-2026-3509)

An unauthenticated remote attacker can exploit CVE-2026-3509 in the CODESYS Control runtime system to control the format string of messages processed by the Audit Log, leading to a denial-of-service (DoS) condition.

CVE-2026-3509 describes a format string vulnerability within the Audit Log of the CODESYS Control runtime system. This vulnerability allows an unauthenticated remote attacker to influence the format string of messages processed by the affected system. Successful exploitation of this vulnerability results in a denial-of-service (DoS) condition, impacting the availability of the CODESYS Control runtime system. The vulnerability was reported on March 24, 2026. CODESYS is a popular development…

Detection coverage 2

Detect Suspicious Network Requests to CODESYS Audit Log

high

Detects network requests to CODESYS Control runtime system that might exploit the format string vulnerability (CVE-2026-3509).

sigma tactics: denial_of_service techniques: T1499.001 sources: network_connection, windows

Detect CODESYS Process Crash

critical

Detects a CODESYS process crash which may indicate a denial of service via CVE-2026-3509

sigma tactics: denial_of_service techniques: T1499.001 sources: process_creation, windows

Detection queries are kept inside the platform. Get full rules →