CVE-2026-26264

8.1 HIGH

📋 TL;DR

A length underflow vulnerability in the BACnet Stack library allows attackers to cause denial-of-service through malformed WriteProperty requests. This affects embedded systems using vulnerable versions of the BACnet protocol stack. The vulnerability can be triggered remotely by sending specially crafted BACnet packets.

💻 Affected Systems

Products:
  • BACnet Stack library
Versions: All versions prior to 1.5.0rc4 and 1.4.3rc2
Operating Systems: Any OS using the vulnerable BACnet Stack library
Default Config Vulnerable: ⚠️ Yes
Notes: Affects any embedded system or application using the vulnerable BACnet Stack library version.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system crash leading to denial-of-service for BACnet-dependent building automation systems, potentially affecting HVAC, lighting, or access control systems.

🟠 Likely Case

Service disruption causing temporary unavailability of BACnet services until system restart.

🟢 If Mitigated

Minimal impact with proper network segmentation and input validation in place.

🌐 Internet-Facing: MEDIUM - BACnet systems exposed to internet could be targeted, but BACnet is typically used in internal building automation networks.
🏢 Internal Only: HIGH - Most BACnet deployments are on internal networks where attackers could exploit this vulnerability to disrupt building operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malformed BACnet WriteProperty requests but does not require authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.0rc4 or 1.4.3rc2

Vendor Advisory: https://github.com/bacnet-stack/bacnet-stack/security/advisories/GHSA-phjh-v45p-gmjj

Restart Required: No

Instructions:

1. Update BACnet Stack library to version 1.5.0rc4 or 1.4.3rc2.
2. Recompile any applications using the library.
3. Deploy updated applications to affected systems.

🔧 Temporary Workarounds

Network segmentation (all platforms)

Isolate BACnet networks from untrusted networks using firewalls or VLANs.

Input validation (all platforms)

Implement additional APDU validation at network perimeter or application layer.

🧯 If You Can't Patch

  • Implement strict network access controls to limit BACnet traffic to trusted sources only.
  • Deploy network intrusion detection systems to monitor for malformed BACnet packets.

🔍 How to Verify

Check if Vulnerable:

Check BACnet Stack library version in use. If version is earlier than 1.5.0rc4 or 1.4.3rc2, the system is vulnerable.

Check Version:

Check library version through application documentation or build configuration files.

Verify Fix Applied:

Verify BACnet Stack library version is 1.5.0rc4 or 1.4.3rc2 or later.
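
The version check above can be scripted across an asset inventory. The following is an added example, not code from the advisory or from the BACnet Stack project. It assumes the two fixed versions are the fixes for the 1.4 and 1.5 release lines respectively, and the function names and sample inventory are hypothetical.

```python
import re

# Fixed releases named on this page, keyed by release line.
# Assumption: 1.4.3rc2 fixes the 1.4 line and 1.5.0rc4 fixes the 1.5 line.
FIXED = {(1, 4): "1.4.3rc2", (1, 5): "1.5.0rc4"}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-.]?rc(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Return a sortable tuple; a final release sorts after its release candidates."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    # rc builds map to (0, n) and final releases to (1, 0), so 1.5.0rc4 < 1.5.0.
    pre = (0, int(m.group(4))) if m.group(4) else (1, 0)
    return (major, minor, patch, pre)


def is_vulnerable(text):
    """True if the version predates the fix for its release line."""
    version = parse_version(text)
    line = version[:2]
    if line in FIXED:
        return version < parse_version(FIXED[line])
    # Assumption: lines older than 1.4 have no fixed release,
    # and lines newer than 1.5 already contain the fix.
    return line < min(FIXED)


if __name__ == "__main__":
    # Constructed sample inventory: (asset, version string from its build configuration).
    inventory = [
        ("ahu-controller", "1.3.8"),
        ("lighting-gateway", "1.4.3rc1"),
        ("door-panel", "1.4.3rc2"),
        ("chiller-plant", "v1.5.0-rc3"),
        ("test-bench", "1.5.0"),
    ]
    for asset, version in inventory:
        status = "VULNERABLE" if is_vulnerable(version) else "fixed"
        print(f"{asset:18} {version:12} {status}")
```

A plain string comparison would rank `1.5.0` below `1.5.0rc4`, which is why the release-candidate suffix is parsed separately.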

📡 Detection & Monitoring

Log Indicators:

  • Application crashes
  • BACnet service restarts
  • Memory access violation errors

Network Indicators:

  • Malformed BACnet WriteProperty requests
  • Unusual BACnet traffic patterns

SIEM Query:

BACnet protocol anomalies OR application crashes with BACnet stack references
