Product
An authenticated attacker can exploit CVE-2026-11826, a heap-based buffer overflow in OpenPLC_v3's web interface, by sending a crafted HTTP POST request to the /modbus endpoint with an oversized device_name value, causing heap corruption, a runtime crash, and denial of service of the PLC process control loop, with no expected patch.