CVE-2026-21661 | THREATINT

Description

Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths. This issue affects AC2000: from 10.6 before release 10, from 11.0 before release 9, from 12 before release 3.

PUBLISHED Reserved 2026-01-02 | Published 2026-05-06 | Updated 2026-05-06 | Assigner jci

HIGH: 8.4CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-427 Uncontrolled Search Path Element

Product status

Default status

unaffected

10.6 (custom) before release 10

affected

11.0 (custom) before release 9

affected

12 (custom) before release 3

affected

References

www.johnsoncontrols.com/...cybersecurity/security-advisories

cve.org (CVE-2026-21661)

nvd.nist.gov (CVE-2026-21661)

Download JSON