CVE-2026-21870

Published: Feb 13, 2026

Modified: Feb 13, 2026

PUBLISHED

CVSS v3.1

5.5

MEDIUM

Description

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash (SIGABRT) when processing string literals longer than the buffer limit. The tokenizer_string function in src/bacnet/basic/program/ubasic/tokenizer.c incorrectly handles null termination for maximum-length strings. It writes a null byte to dest[40] when the buffer size is only 40 (indices 0-39), triggering a stack overflow.

Vendor	Product	Versions
bacnet-stack	bacnet-stack	affected `<= 1.4.2` affected `>= 1.5.0.rc1, <= 1.5.0.rc2`

Weaknesses (CWE)

CWE-193

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://github.com/bacnet-stack/bacnet-stack/security/advisories/GHSA-pc83-wp6w-93mx

x_refsource_CONFIRM

https://github.com/bacnet-stack/bacnet-stack/pull/1196

x_refsource_MISC

https://github.com/bacnet-stack/bacnet-stack/commit/4e1176394a5ae50d2fd0b5790d9bff806dc08465

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-21870

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References