CVE-2026-12578
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. The following versions of Delta Electronics DTM Soft are affected: DTMSoft vers:all/* CVSS Vendor Equipment Vulnerabilities v3 7.8 Delta Electronics Delta Electronics DTM Soft Deserialization of Untrusted Data Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Taiwan Vulnerabilities Expand All + CVE-2026-12578 The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code. View CVE Details Affected Products Delta Electronics DTM Soft Vendor: Delta Electronics Product Version: Delta Electronics DTMSoft: vers:all/* Product Status: known_affected Remediations Mitigation Delta Electronics is aware of the vulnerability and is currently working on a fix. Mitigation Delta Electronics recommends users apply the following workarounds: Mitigation Do not open unsolicited project files: Do not open or import unsolicited project files, untrusted Internet links, or unexpected attachments from emails, network shares, or USB drives. Always verify the source of the file before opening it. Mitigation Avoid running as administrator: Do not use the "Run as Administrator" option when launching the software. Running the software with standard user privileges effectively limits the damage of potential malicious code. Mitigation For more information refer to Delta Electronic's advisory page https://www.deltaww.com/en-US/service-support/product-cybersecurity/advisory Relevant CWE: CWE-502 Deserialization of Untrusted Data Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 4.0 8.4 HIGH CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Acknowledgments kimiya of TrendAI Zero Day Initiative reported this vulnerability to CISA Legal Notice and Terms of Use
CSIRTS triage
- What
- The product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code.
- Who is affected
- Deployments of Delta Electronics DTM Soft worldwide.
- Urgency
- Remediation is urgent due to the critical severity of the vulnerability.
- Action
- Users should apply the necessary updates as soon as possible.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2026-12578
Get an email if CVE-2026-12578 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Low exploitation risk0.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all EPSS-scored CVEs.
Advisory coverage (2)
- unknownCVE-2026-12578: The affected product is vulnerable to a deserialization of untrusted data, which may allow an …nvd · 2026-06-30
- criticalDelta Electronics DTM Softcisa · 2026-06-25
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2026-12578)