CVE-2025-26386

2026-01-28 [email protected]

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 28, 2026 - 12:15 nvd

N/A

Description

Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the ICU tool.

Analysis

Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior.

Technical Context

Classified as CWE-121 (Stack-based Buffer Overflow). Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the ICU tool.

Affected Products

Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability

Remediation

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +0

POC: 0

CVE-2025-26386 vulnerability details – vuln.today

Back

CVE-2025-26386

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-26386

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code