CVE-2026-3509: An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log
An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition.





