CVE-2026-31156

EIP tracks 1 public exploit for CVE-2026-31156. PoCs published by unicorn-hyh.

AI-analyzed exploit summary The repository provides a detailed technical analysis of CVE-2026-31156, an arbitrary file read vulnerability in OpenPLC-v3 due to improper input validation in `glue_generator.cpp`. It includes root cause analysis, attack prerequisites, and a proof-of-concept demonstration.

A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled from glue_generator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to the underlying file operation functions (fopen/ifstream/ofstream) for file reading and writing. An attacker can exploit this vulnerability by constructing a malicious path to read arbitrary readable files.