Off-by-One Buffer Read in BACnet Stack Affects Embedded Systems
CVE-2026-41502

8.7 HIGH

Key Information:

Vendor
CVE Published: 24 April 2026

What is CVE-2026-41502?

BACnet Stack is an open-source BACnet protocol library for embedded systems. Its ReadPropertyMultiple service decoder contains an off-by-one out-of-bounds read: improper validation in the rpm_decode_object_id() function allows an unauthenticated remote attacker to cause a read one byte past an allocated buffer. The read happens when the APDU length is mistakenly deemed valid, and it can crash devices that use the ReadPropertyMultiple confirmed service handler. Versions prior to 1.4.3 are affected; the issue has been addressed in the latest update.
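
One way to structure the length validation described above, as an added example that is not bacnet-stack's code or its patch: every octet is fetched through a bounds-checked cursor, so a request that ends right after the object identifier is rejected instead of being read one byte too far. The function name, the cursor type and the sample bytes are assumptions made for illustration; the layout (context tag 0 object identifier followed by opening tag 1) is the standard BACnet encoding of a ReadPropertyMultiple request.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical cursor over a received APDU; not a bacnet-stack type. */
struct cursor { const uint8_t *buf; size_t len; size_t pos; };

/* Fetch one octet only if it lies inside the buffer. */
static int take_u8(struct cursor *c, uint8_t *out)
{
    if (c->pos >= c->len) return -1;
    *out = c->buf[c->pos++];
    return 0;
}

/* Decode [context tag 0: object id][opening tag 1]. Returns the octets
 * consumed, or -1 if the request is malformed or ends before a field. */
int rpm_object_id_checked(const uint8_t *apdu, size_t apdu_len,
                          uint16_t *type, uint32_t *instance)
{
    struct cursor c = { apdu, apdu_len, 0 };
    uint8_t b;
    uint32_t raw = 0;

    if (!apdu || !type || !instance) return -1;
    if (take_u8(&c, &b) || b != 0x0C) return -1;  /* context tag 0, length 4 */
    for (int i = 0; i < 4; i++) {
        if (take_u8(&c, &b)) return -1;
        raw = (raw << 8) | b;
    }
    /* Assumed illustration of the off-by-one: a single up-front
     * "length >= 5" test would not cover this sixth octet. */
    if (take_u8(&c, &b) || b != 0x1E) return -1;  /* opening tag 1 */
    *type = (uint16_t)(raw >> 22);                /* upper 10 bits */
    *instance = raw & 0x3FFFFFu;                  /* lower 22 bits */
    return (int)c.pos;
}

int main(void)
{
    /* Constructed sample: device object (type 8), instance 1234. */
    const uint8_t ok[] = { 0x0C, 0x02, 0x00, 0x04, 0xD2, 0x1E };
    uint16_t t; uint32_t n;
    printf("complete:  %d\n", rpm_object_id_checked(ok, sizeof ok, &t, &n));
    printf("truncated: %d\n", rpm_object_id_checked(ok, 5, &t, &n));
    return 0;
}
```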

Affected Version(s)

bacnet-stack >= 1.4.0, < 1.4.3

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved