CVE-2026-21661

Vulnerability Description

Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths. This issue affects AC2000: from 10.6 before release 10, from 11.0 before release 9, from 12 before release 3.

Related Weaknesses (CWE)

CWE-427

References

https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories

FAQ

What is CVE-2026-21661?

CVE-2026-21661 is a documented vulnerability. Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths. This issue affects AC2000: from 10.6 before release...

How severe is CVE-2026-21661?

CVSS scoring is not yet available for CVE-2026-21661. Check NVD for updates.

Is there a patch for CVE-2026-21661?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.