CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/04/24 7:39 p.m.•29 views

CVE-2026-41475 BACnet Stack: Out-of-Bounds Read in WritePropertyMultiple Decoder via Deprecated Tag Parser

8.7CVSS0.00482EPSS

ATTACKERKB•added 2026/04/24 7:39 p.m.•5 views

CVE-2026-41475

8.7CVSS5.7AI score0.00482EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/04/24 7:39 p.m.•2 views

CVE-2026-41475 BACnet Stack: Out-of-Bounds Read in WritePropertyMultiple Decoder via Deprecated Tag Parser

8.7CVSS5.7AI score0.00482EPSS

CVE•added 2026/04/24 7:39 p.m.•46 views

CVE-2026-41475

Summary: CVE-2026-41475 affects the BACnet Stack library. Prior to version 1.4.3, the WritePropertyMultiple service decoder is vulnerable to an out-of-bounds read caused by wpm_decode_object_property() invoking the deprecated decode_tag_number_and_value() function, which performs no bounds checki...

9.1CVSS5.7AI score0.00482EPSS

Exploits1References1Affected Software1

CNNVD•added 2026/04/24 12:0 a.m.•57 views

BACnet Stack 缓冲区错误漏洞

BACnet Stack is an open-source protocol stack for BACnet, designed to work on embedded systems, Linux, MacOS, BSD, and Windows. Versions prior to BACnet Stack 1.4.3 contained a buffer error vulnerability. This vulnerability stems from a out-of-bounds read vulnerability in the ReadPropertyMultiple...

8.7CVSS6AI score0.00415EPSS

CNNVD•added 2026/04/24 12:0 a.m.•10 views

BACnet Stack 缓冲区错误漏洞

BACnet Stack is an open-source protocol stack for BACnet, designed to work on embedded systems, Linux, MacOS, BSD, and Windows. Versions prior to BACnet Stack 1.4.3 contained a buffer error vulnerability. This vulnerability stems from a boundary-crossing read issue in the ReadPropertyMultiple...

8.7CVSS6AI score0.00401EPSS

CNNVD•added 2026/04/24 12:0 a.m.•7 views

BACnet Stack 缓冲区错误漏洞

BACnet Stack is an open-source protocol stack for BACnet, designed for use in embedded systems, Linux, MacOS, BSD, and Windows. Versions prior to BACnet Stack 1.4.3 contained a buffer error vulnerability. This vulnerability stems from a out-of-bounds read vulnerability in the decoder of the...

9.1CVSS6AI score0.00482EPSS

Positive Technologies•added 2026/04/24 12:0 a.m.•5 views

PT-2026-35074

Name of the Vulnerable Software and Affected Versions BACnet Stack versions prior to 1.4.3 Description An out-of-bounds read exists in the WritePropertyMultiple service decoder. This occurs because the wpm decode object property function calls the deprecated decode tag number and value function,...

8.7CVSS5.6AI score0.00482EPSS

Exploits1References4

NVD•added 2026/04/21 5:16 p.m.•5 views

CVE-2026-40279

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decodesigned32 in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four bytes has bit 7 set value ≥ 0x80, the left-shift...

3.7CVSS0.00242EPSS

Cvelist•added 2026/04/21 4:29 p.m.•32 views

CVE-2026-40279 BACnet Stack: Undefined-behavior signed left shift in `decode_signed32()`

3.7CVSS0.00242EPSS

ATTACKERKB•added 2026/04/21 4:29 p.m.•5 views

CVE-2026-40279

Exploits1References2Affected Software1

Vulnrichment•added 2026/04/21 4:29 p.m.•7 views

CVE-2026-40279 BACnet Stack: Undefined-behavior signed left shift in `decode_signed32()`

EUVD•added 2026/04/21 4:29 p.m.•11 views

EUVD-2026-24166

CVE•added 2026/04/21 4:29 p.m.•14 views

CVE-2026-40279

BACnet Stack (open-source C library for embedded systems) contains a defect in decode_signed32() in src/bacnet/bacint.c where reconstructing a 32-bit signed integer from four APDU bytes via signed left shifts can overflow signed int32_t when any byte has bit 7 set (>= 0x80). This undefined beh...

Exploits1References1Affected Software1

Positive Technologies•added 2026/04/21 12:0 a.m.•10 views

PT-2026-34009

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode signed32 in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four bytes has bit 7 set value ≥ 0x80, the left-shift...

CNNVD•added 2026/04/21 12:0 a.m.•6 views

BACnet Stack 安全漏洞

BACnet Stack is an open-source protocol stack for BACnet that is suitable for embedded systems, Linux, MacOS, BSD, and Windows. Versions prior to BACnet Stack 1.4.3 contained a security vulnerability. This vulnerability arises from the decodesigned32 function in src/bacnet/bacint.c, which uses...

RedhatCVE•added 2026/02/14 7:22 p.m.•13 views

CVE-2026-26264

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0rc4 and 1.4.3rc2, a malformed WriteProperty request can trigger a length underflow in the BACnet stack, leading to an out‑of‑bounds read and a crash DoS. The issue is in wp.c within...

8.8CVSS5.6AI score0.00368EPSS

NVD•added 2026/02/13 7:17 p.m.•6 views

CVE-2026-26264

8.8CVSS0.00368EPSS

NVD•added 2026/02/13 7:17 p.m.•2 views

CVE-2026-21878

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is no validation of user-provided file paths, allowing attackers to write files to arbitrary...

7.5CVSS0.00356EPSS