Buffer Overflow Vulnerability in BACnet Protocol Stack Library by BACnet
CVE-2026-21870
5.5 MEDIUM
What is CVE-2026-21870?
The BACnet Protocol Stack library contains an off-by-one stack-based buffer overflow in the ubasic interpreter. The issue affects versions up to 1.5.0.rc2, where processing a string literal that exceeds the buffer limit can crash the application because the tokenizer_string function handles null termination improperly. Specifically, the function attempts to write a null byte at dest[40] even though the buffer size is limited to 40 (valid indices 0 through 39), which writes one byte past the end of the stack buffer and results in a SIGABRT signal.
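The off-by-one described above, shown as an added C example that is not the bacnet-stack source: one function models where a copy loop bounded by the full buffer size would place the terminator (it computes the index only and writes nothing), and the other is a bounded copy that reserves the last byte for the null. The function names, the NUL-terminated input convention and the 60-character sample are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define STRING_BUF_LEN 40 /* buffer size stated in the advisory */

/* Hypothetical model of the flawed bound: the loop may consume up to `len`
 * characters, so the terminator index can equal `len`. Returns the index at
 * which the null byte would be written; no memory is written here. */
size_t flawed_terminator_index(const char *literal, size_t len)
{
    size_t i = 0;
    while (literal[i] != '\0' && i < len) {
        i++;
    }
    return i; /* i == len is one past the last valid index (len - 1) */
}

/* Hardened copy (hypothetical helper): copies at most dest_size - 1
 * characters, always terminates inside the buffer, and reports truncation.
 * Returns the number of characters copied, excluding the terminator. */
size_t copy_string_literal(char *dest, size_t dest_size,
                           const char *literal, int *truncated)
{
    size_t i = 0;
    if (truncated != NULL) {
        *truncated = 0;
    }
    if (dest == NULL || dest_size == 0 || literal == NULL) {
        return 0;
    }
    while (literal[i] != '\0' && i + 1 < dest_size) {
        dest[i] = literal[i];
        i++;
    }
    dest[i] = '\0'; /* i <= dest_size - 1, so this stays in bounds */
    if (truncated != NULL && literal[i] != '\0') {
        *truncated = 1;
    }
    return i;
}

int main(void)
{
    char input[61], dest[STRING_BUF_LEN];
    int truncated;
    memset(input, 'A', 60); /* constructed over-long string literal */
    input[60] = '\0';
    printf("flawed terminator index: %zu\n", flawed_terminator_index(input, STRING_BUF_LEN));
    printf("hardened copy length: %zu\n", copy_string_literal(dest, sizeof dest, input, &truncated));
    return 0;
}
```

A caller can treat the truncation flag as a parse error instead of silently accepting the shortened string.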
Affected Version(s)
bacnet-stack <= 1.4.2
bacnet-stack >= 1.5.0.rc1, <= 1.5.0.rc2
