cvedb.io
CVE-2026-21878
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2026-02-13T19:17:28.650 · Last modified 2026-06-17T10:19:04.633

Summary

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is no validation of user-provided file paths, allowing attackers to write files to arbitrary directories. This affects apps/readfile/main.c and ports/posix/bacfile-posix.c. This vulnerability is fixed in 1.5.0.rc3.

Affected products

bacnetstack — bacnet_stack

Does this affect you?

Add your gear to cvedb and we'll alert you only when bacnetstack ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.