CVE-2026-21661— AC2000 Uncontrolled Search Path Element
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-21661
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AC2000 Uncontrolled Search Path Element
Source: NVD (National Vulnerability Database)
Vulnerability Description
Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths. This issue affects AC2000: from 10.6 before release 10, from 11.0 before release 9, from 12 before release 3.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对搜索路径元素未加控制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Johnson Controls AC2000 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Johnson Controls AC2000是美国江森自控(Johnson Controls)公司的一个企业级门禁与安防管理系统。 Johnson Controls AC2000存在代码问题漏洞,该漏洞源于不受控制的搜索路径元素,可能导致配置文件搜索路径被利用。以下版本受到影响:10.6版本至10之前版本、11.0版本至9之前版本和12版本至3之前版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| JohnsonControls | AC2000 | 10.6 ~ release 10 | - |
II. Public POCs for CVE-2026-21661
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-21661
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-427
- CVE-2026-44406
DLL Hijacking Vulnerability in ZTE Cloud PC Client uSmartvie - CVE-2026-40004
openssl.cnf Privilege Escalation Vulnerability in ZTE Cloud - CVE-2026-6788
Uncontrolled search path in PluginLauncher allows SYSTEM cod - CVE-2026-25852
Acronis DeviceLock DLP 代码问题漏洞 - CVE-2026-41373
OpenClaw < 2026.3.31 - Compiler Binary Substitution via Envi
V. Comments for CVE-2026-21661
No comments yet