HIGHCVE-2026-21661Published Modified CNA jci
CVE-2026-21661: AC2000 Uncontrolled Search Path Element
Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths. This issue affects AC2000: from 10.6 before release 10, from 11.0 before release 9, from 12 before release 3.
Metrics
- CVSS v4.0
- 8.4
- Severity
- HIGH
- Fixed in
- release 10
- Affected Products
- 1
Fix available
release 10release 3release 9
Affected packages
- JohnsonControls / AC2000< release 10 (from 10.6) · < release 9 (from 11.0) · < release 3 (from 12)
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:NReferences