PT-2026-8019 · Unknown · Bacnet Stack
Steve Karg
·
Published
2026-02-13
·
Updated
2026-02-18
·
CVE-2026-21878
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
BACnet Stack versions prior to 1.5.0.rc3
Description
The BACnet Stack software contains a flaw in its file writing functionality. Specifically, there is a lack of validation for user-supplied file paths, which could allow attackers to write files to arbitrary directories. The affected files are
apps/readfile/main.c and ports/posix/bacfile-posix.c.Recommendations
Update to version 1.5.0.rc3 or later.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bacnet Stack