PT-2026-8020 · Unknown · Bacnet Stack

Ho-9 · Published 2026-02-13 · Updated 2026-02-13 · CVE-2026-26264

CVSS v4.0: 8.8 (High)

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

BACnet Stack versions prior to 1.5.0rc4
BACnet Stack versions prior to 1.4.3rc2

Description

BACnet Stack is an open source BACnet protocol stack C library for embedded systems. A crafted WriteProperty request can cause a length underflow in the BACnet stack, resulting in an out-of-bounds read and a denial-of-service (DoS) condition. The issue resides in the wp_decode_service_request function within the wp.c file. Specifically, the bacnet_unsigned_context_decode function receives an incorrectly calculated size (apdu_len - apdu_size) because there is no validation check for the case where apdu_size is greater than apdu_len, leading to the out-of-bounds read.

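The underflow described above, reduced to a toy decoder as an added example (not BACnet Stack code and not taken from the advisory). It assumes apdu_len is the number of bytes in the buffer and apdu_size the number already consumed; the request layout and the names remaining_unchecked, remaining_checked and toy_decode are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* The unchecked expression from the description: with unsigned operands it
 * wraps to a huge "remaining" size when apdu_size > apdu_len. */
static unsigned remaining_unchecked(unsigned apdu_len, unsigned apdu_size)
{
    return apdu_len - apdu_size;
}

/* Hypothetical checked form: refuse instead of wrapping. */
static bool remaining_checked(unsigned apdu_len, unsigned apdu_size, unsigned *out)
{
    if (apdu_size > apdu_len) {
        return false;
    }
    *out = apdu_len - apdu_size;
    return true;
}

/* Toy request layout (constructed for this example, not BACnet encoding):
 *   byte 0      : length N of the value field
 *   bytes 1..N  : value
 *   next byte   : optional priority
 * Returns the number of bytes consumed, or -1 if the request is malformed. */
static int toy_decode(const uint8_t *apdu, unsigned apdu_len, uint8_t *priority)
{
    unsigned apdu_size = 0; /* bytes consumed so far */
    unsigned left = 0;

    if (apdu == NULL || priority == NULL || apdu_len < 1) {
        return -1;
    }
    apdu_size = 1u + apdu[0]; /* sender-controlled length moves the offset */
    if (!remaining_checked(apdu_len, apdu_size, &left)) {
        return -1; /* declared value runs past the buffer: reject */
    }
    *priority = 0; /* 0 means the optional priority is absent */
    if (left >= 1) {
        *priority = apdu[apdu_size]; /* in bounds: apdu_size < apdu_len here */
        apdu_size++;
    }
    return (int)apdu_size;
}
```

The unchecked helper is included only to show the wrapped value; the decoder never passes it to a read.
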
Recommendations

Update to BACnet Stack version 1.5.0rc4 or later.
Update to BACnet Stack version 1.4.3rc2 or later.

Exploit

Fix

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2026-26264
GHSA-PHJH-V45P-GMJJ

Affected Products

Bacnet Stack