CVE-2026-21878

High CVSS: 7.5

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is no validation of user-provided file paths, allowing attackers to write files to arbitrary directories. This affects apps/readfile/main.c and ports/posix/bacfile-posix.c. This vulnerability is fixed in 1.5.0.rc3.

Vendor

Bacnetstack

Product

Bacnet Stack

CWE

CWE-22

Yayın Tarihi

2026-02-13 19:17:28

Güncelleme

2026-02-18 18:49:16

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-22 Bacnet Stack HIGH Bacnetstack 2026

Referanslar

https://github.com/bacnet-stack/bacnet-stack/commit/c5dc00a77b4bc2550befa67a930b333e299c18f3 https://github.com/bacnet-stack/bacnet-stack/security/advisories/GHSA-p8rx-c26w-545j

Benzer Kayıtlar

High

CVE-2026-26264

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0rc4 and 1.4.3rc2, a ma…

Medium

CVE-2026-21870

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communicat…

High

CVE-2025-66624

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communicat…