CVE-2026-21661

Summary

Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths.

This issue affects AC2000: from 10.6 before release 10, from 11.0 before release 9, from 12 before release 3.

Affected Software

VendorProductVersion RangeStatus
JohnsonControlsAC200010.6 < release 10affected
JohnsonControlsAC200011.0 < release 9affected
JohnsonControlsAC200012 < release 3affected

Weaknesses

  • CWE-427: CWE-427 Uncontrolled Search Path Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References