CVE-2026-21878 - BACnet Stack Improperly Limits Pathnames to a Restricted Directory

CVE ID : CVE-2026-21878 Published : Feb. 13, 2026, 7:17 p.m. | 1 hour, 17 minutes ago Description : BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is no validation of user-provided file paths, allowing attackers to write files to arbitrary directories. This affects apps/readfile/main.c and ports/posix/bacfile-posix.c. This vulnerability is fixed in 1.5.0.rc3. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...