{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T04:30:37.968","vulnerabilities":[{"cve":{"id":"CVE-2026-21878","sourceIdentifier":"security-advisories@github.com","published":"2026-02-13T19:17:28.650","lastModified":"2026-02-18T18:49:16.530","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is no validation of user-provided file paths, allowing attackers to write files to arbitrary directories. This affects apps/readfile/main.c and ports/posix/bacfile-posix.c. This vulnerability is fixed in 1.5.0.rc3."},{"lang":"es","value":"BACnet Stack es una librería C de pila de protocolos BACnet de código abierto para sistemas embebidos. Antes de la versión 1.5.0.rc3, se ha descubierto una vulnerabilidad en la funcionalidad de escritura de archivos de BACnet Stack donde no hay validación de las rutas de archivo proporcionadas por el usuario, lo que permite a los atacantes escribir archivos en directorios arbitrarios. Esto afecta a apps/readfile/main.c y ports/posix/bacfile-posix.c. \nEsta vulnerabilidad está corregida en la versión 1.5.0.rc3."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bacnetstack:bacnet_stack:1.5.0:rc1:*:*:*:*:*:*","matchCriteriaId":"2B47182E-6B7F-4C53-904A-EB37C9C0A439"},{"vulnerable":true,"criteria":"cpe:2.3:a:bacnetstack:bacnet_stack:1.5.0:rc2:*:*:*:*:*:*","matchCriteriaId":"CF491863-1A31-4A23-A6AC-DF7545FCAA48"}]}]}],"references":[{"url":"https://github.com/bacnet-stack/bacnet-stack/commit/c5dc00a77b4bc2550befa67a930b333e299c18f3","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/bacnet-stack/bacnet-stack/security/advisories/GHSA-p8rx-c26w-545j","source":"security-advisories@github.com","tags":["Vendor Advisory","Exploit"]}]}}]}