cbcvebase.
CVE-2026-1361
published 2026-01-27

CVE-2026-1361: ASDA-Soft Stack-based Buffer Overflow Vulnerability

PriorityP259critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.53%
40.9th percentile
ASDA-Soft Stack-based Buffer Overflow Vulnerability

Affected

2 ranges
VendorProductVersion rangeFixed in
delta_electronicsasda-soft<= 7.2.0.0
deltawwasda_soft<= 7.2.2.0

Detection & IOCsextracted from sources · hover to see the quote

  • Trigger condition is parsing of .par files in ASDA-Soft <= 7.2.0.0; monitor for ASDA-Soft processes opening or being passed .par files from untrusted sources
  • The overflow corrupts a Structured Exception Handler (SEH) record on the stack; look for SEH-chain corruption indicators or unexpected exception handler overwrites in ASDA-Soft process memory
  • Root cause is an improperly validated user-controlled size parameter; a malicious .par file with an oversized size field is the attack vector — flag .par files with anomalously large size parameters
  • Exploitation requires local access and user interaction (e.g., opening a malicious .par file); alert on ASDA-Soft being launched with .par files received via email attachments or downloaded from the internet
  • ·Vulnerability is not remotely exploitable; attack vector is local (AV:L) and requires user interaction — exploitation depends on a user opening a crafted .par file
  • ·All ASDA-Soft versions up to and including 7.2.0.0 are affected; version 7.2.2.0 is the patched release
  • ·No known public exploitation targeting this vulnerability has been reported to CISA at time of advisory publication
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.