CVE-2026-21659

Summary

Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Quantum HD allow an unauthenticated attacker to execute arbitrary code on the affected device, leading to full system compromise. This issue affects Frick Controls Quantum HD: Frick Controls Quantum HD version 10.22 and prior.

Affected Software

VendorProductVersion RangeStatus
Johnson ControlsFrick Controls Quantum HDFrick Controls Quantum HD version 10.22 and prioraffected

Weaknesses

  • CWE-23: CWE-23: Relative Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References