HarborGuard / CVE
Back to search
HIGHCVE-2026-21657Published Modified CNA jci

CVE-2026-21657: Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution

Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior.

Metrics

CVSS v4.0
8.8
Severity
HIGH
Fixed in
Affected Products
1
Affected packages
  • Johnson Controls / Frick Controls Quantum HD
    Frick Controls Quantum HD version 10.22 and prior
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
References
CVE-2026-21657: Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution | HarborGuard CVE