{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-21661","assignerOrgId":"7281d04a-a537-43df-bfb4-fa4110af9d01","state":"PUBLISHED","assignerShortName":"jci","dateReserved":"2026-01-02T13:23:28.170Z","datePublished":"2026-05-06T16:21:13.885Z","dateUpdated":"2026-05-06T19:02:28.291Z"},"containers":{"cna":{"providerMetadata":{"orgId":"7281d04a-a537-43df-bfb4-fa4110af9d01","shortName":"jci","dateUpdated":"2026-05-06T16:21:13.885Z"},"title":"AC2000 Uncontrolled Search Path Element","datePublic":"2026-05-05T04:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-427","description":"CWE-427 Uncontrolled Search Path Element","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-38","descriptions":[{"lang":"en","value":"CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"}]}],"affected":[{"vendor":"JohnsonControls","product":"AC2000","platforms":["Windows"],"versions":[{"status":"affected","version":"10.6","lessThan":"release 10","versionType":"custom"},{"status":"affected","version":"11.0","lessThan":"release 9","versionType":"custom"},{"status":"affected","version":"12","lessThan":"release 3","versionType":"custom"}],"defaultStatus":"unaffected"}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:johnsoncontrols:ac2000:*:*:windows:*:*:*:*:*","versionStartIncluding":"10.6","versionEndExcluding":"release_10"},{"vulnerable":true,"criteria":"cpe:2.3:a:johnsoncontrols:ac2000:*:*:windows:*:*:*:*:*","versionStartIncluding":"11.0","versionEndExcluding":"release_9"},{"vulnerable":true,"criteria":"cpe:2.3:a:johnsoncontrols:ac2000:*:*:windows:*:*:*:*:*","versionStartIncluding":"12","versionEndExcluding":"release_3"}]}]}],"descriptions":[{"lang":"en","value":"Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths.\n\nThis issue affects AC2000: from 10.6 before release 10, from 11.0 before release 9, from 12 before release 3.","supportingMedia":[{"type":"text/html","base64":false,"value":"Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths.<p>This issue affects AC2000: from 10.6 before release 10, from 11.0 before release 9, from 12 before release 3.</p>"}]}],"references":[{"url":"https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","version":"4.0","baseSeverity":"HIGH","baseScore":8.4,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"}}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.2"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-05-06T18:57:03.955511Z","id":"CVE-2026-21661","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-06T19:02:28.291Z"}}]}}