CVE-2026-21878

Source
https://cve.org/CVERecord?id=CVE-2026-21878
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-21878.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-21878
Aliases
  • GHSA-p8rx-c26w-545j
Published
2026-02-13T18:10:26.325Z
Modified
2026-02-20T01:36:24.937710Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
BACnet Stack Improperly Limits Pathnames to a Restricted Directory
Details

BACnet Stack is an open source BACnet protocol stack C library for embedded systems. In versions prior to 1.5.0.rc3, the file writing functionality does not validate user-provided file paths, allowing attackers to write files to arbitrary directories. This affects apps/readfile/main.c and ports/posix/bacfile-posix.c. The vulnerability is fixed in 1.5.0.rc3.

Database specific
{
    "cwe_ids": [
        "CWE-22"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/21xxx/CVE-2026-21878.json"
}
References

Affected packages

Git / github.com/bacnet-stack/bacnet-stack

Affected ranges

Type
GIT
Repo
https://github.com/bacnet-stack/bacnet-stack
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

bacnet-stack-1.*
bacnet-stack-1.0.0
bacnet-stack-1.1.0
bacnet-stack-1.1.1
bacnet-stack-1.2.0
bacnet-stack-1.3.0
bacnet-stack-1.3.1
bacnet-stack-1.3.2
bacnet-stack-1.3.3
bacnet-stack-1.3.4
bacnet-stack-1.3.5
bacnet-stack-1.3.6
bacnet-stack-1.3.7
bacnet-stack-1.3.8
bacnet-stack-1.4.0
bacnet-stack-1.4.1
bacnet-stack-1.4.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-21878.json"
vanir_signatures
[
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "212712125589128597040087559042244070010",
            "length": 3439.0
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/c5dc00a77b4bc2550befa67a930b333e299c18f3",
        "signature_type": "Function",
        "id": "CVE-2026-21878-02a1eb96",
        "target": {
            "file": "apps/writefile/main.c",
            "function": "main"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "229381978931539393211703764032439101020",
            "length": 541.0
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/c5dc00a77b4bc2550befa67a930b333e299c18f3",
        "signature_type": "Function",
        "id": "CVE-2026-21878-27e26a18",
        "target": {
            "file": "ports/posix/bacfile-posix.c",
            "function": "bacfile_posix_write_stream_data"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/c5dc00a77b4bc2550befa67a930b333e299c18f3",
        "signature_type": "Line",
        "id": "CVE-2026-21878-41b22d78",
        "target": {
            "file": "apps/readfile/main.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "305788386762063797861896758213124905045",
            "length": 327.0
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/c5dc00a77b4bc2550befa67a930b333e299c18f3",
        "signature_type": "Function",
        "id": "CVE-2026-21878-54e293a7",
        "target": {
            "file": "ports/posix/bacfile-posix.c",
            "function": "bacfile_posix_file_size"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/c5dc00a77b4bc2550befa67a930b333e299c18f3",
        "signature_type": "Line",
        "id": "CVE-2026-21878-569a586a",
        "target": {
            "file": "src/bacnet/basic/sys/filename.h"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/c5dc00a77b4bc2550befa67a930b333e299c18f3",
        "signature_type": "Line",
        "id": "CVE-2026-21878-60ea92a0",
        "target": {
            "file": "ports/posix/bacfile-posix.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/c5dc00a77b4bc2550befa67a930b333e299c18f3",
        "signature_type": "Line",
        "id": "CVE-2026-21878-6c72b6b2",
        "target": {
            "file": "apps/writefile/main.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/c5dc00a77b4bc2550befa67a930b333e299c18f3",
        "signature_type": "Line",
        "id": "CVE-2026-21878-8caaa942",
        "target": {
            "file": "test/bacnet/basic/sys/filename/src/main.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/c5dc00a77b4bc2550befa67a930b333e299c18f3",
        "signature_type": "Line",
        "id": "CVE-2026-21878-93418e7c",
        "target": {
            "file": "src/bacnet/basic/sys/filename.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9
            ]
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/c5dc00a77b4bc2550befa67a930b333e299c18f3",
        "signature_type": "Line",
        "id": "CVE-2026-21878-a6074d8f",
        "target": {
            "file": "src/bacnet/basic/object/bacfile.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "165037833702610189509051651206685219057",
            "length": 116.0
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/c5dc00a77b4bc2550befa67a930b333e299c18f3",
        "signature_type": "Function",
        "id": "CVE-2026-21878-a97c47f9",
        "target": {
            "file": "test/bacnet/basic/sys/filename/src/main.c",
            "function": "test_main"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "207802991363146773905935132510724947545",
            "length": 381.0
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/c5dc00a77b4bc2550befa67a930b333e299c18f3",
        "signature_type": "Function",
        "id": "CVE-2026-21878-bde3b683",
        "target": {
            "file": "ports/posix/bacfile-posix.c",
            "function": "bacfile_posix_read_stream_data"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "192273245454341509767370254637738202948",
            "length": 693.0
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/c5dc00a77b4bc2550befa67a930b333e299c18f3",
        "signature_type": "Function",
        "id": "CVE-2026-21878-c54aff32",
        "target": {
            "file": "ports/posix/bacfile-posix.c",
            "function": "bacfile_posix_read_record_data"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "329546260887894170727069813993133439475",
            "length": 3171.0
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/c5dc00a77b4bc2550befa67a930b333e299c18f3",
        "signature_type": "Function",
        "id": "CVE-2026-21878-cc100ab7",
        "target": {
            "file": "apps/readfile/main.c",
            "function": "main"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "28376052850309972849269516357089413085",
            "length": 845.0
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/c5dc00a77b4bc2550befa67a930b333e299c18f3",
        "signature_type": "Function",
        "id": "CVE-2026-21878-e9dacc52",
        "target": {
            "file": "ports/posix/bacfile-posix.c",
            "function": "bacfile_posix_write_record_data"
        }
    }
]