CVE-2026-21661 PUBLISHED

AC2000 Uncontrolled Search Path Element

Assigner: jci
Reserved: 02.01.2026 Published: 06.05.2026 Updated: 06.05.2026

Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths.

This issue affects AC2000: from 10.6 before release 10, from 11.0 before release 9, from 12 before release 3.

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
CVSS Score: 8.4

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	High	Integrity	None
Attack Requirements	None	Availability	Low	Availability	None
Privileges Required	Low
User Interaction	None

CVSS 4.0

Vendor	JohnsonControls
Product	AC2000
Versions	Default: unaffected affected from 10.6 to release 10 (excl.) affected from 11.0 to release 9 (excl.) affected from 12 to release 3 (excl.)