CVE-2026-21661

EUVD-2026-27865
Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths.

This issue affects AC2000: from 10.6 before release 10, from 11.0 before release 9, from 12 before release 3.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Common Weakness Enumeration
References
https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories