Vendor
An authenticated arbitrary file write vulnerability (CVE-2026-14480) in OpenPLC v3's legacy web UI program-upload workflow allows attackers to write arbitrary files, escalating to arbitrary native code execution as the OpenPLC runtime user when an operator triggers program compilation.