CVE-2026-21870 | bacnet-stack up to 1.4.2/1.5.0.rc2 tokenizer.c tokenizer_string off-by-one (GHSA-pc83-wp6w-93mx)

Inserito da Angelo Barbosa | Feb 13, 2026 | CVE

A vulnerability categorized as problematic has been discovered in bacnet-stack up to 1.4.2/1.5.0.rc2. The affected element is the function tokenizer_string of the file src/bacnet/basic/program/ubasic/tokenizer.c. Executing a manipulation can lead to off-by-one.

The identification of this vulnerability is CVE-2026-21870. The attack can only be executed locally. There is no exploit available.

It is best practice to apply a patch to resolve this issue.

CVE-2026-21870 | bacnet-stack up to 1.4.2/1.5.0.rc2 tokenizer.c tokenizer_string off-by-one (GHSA-pc83-wp6w-93mx)

Post correlati

CVE-2024-32567 | Designinvento DirectoryPress Plugin up to 3.6.7 on WordPress cross site scripting

CVE-2024-0836 | Review & Structure Data Schema Plugin up to 2.1.14 on WordPress authorization

CVE-2025-50706 | thinkphp 5.1 routecheck code injection (CNVD-2024-29981)

CVE-2025-8221 | jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999 GoodsCustController.java goodsSearch keyword cross site scripting