Is Bacnet Stack affected by CVE-2026-26264?

A denial-of-service vulnerability in BACnet Stack could allow attackers to crash systems running affected versions, potentially disrupting building automation, HVAC, and industrial control operations that depend on BACnet protocol communications.

CVE-2026-26264

Q: How to fix CVE-2026-26264?

Within 24 hours: identify all systems and devices running affected BACnet Stack versions and assess their operational criticality. Within 7 days: apply available patches to non-production systems and validate functionality before production deployment. Within 30 days: complete patching of all production systems running vulnerable versions, with priority given to critical infrastructure and customer-facing services.

HIGH

2026-02-13 [email protected]

8.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

PoC Detected

Feb 18, 2026 - 18:48 vuln.today

Public exploit code

Patch Released

Feb 18, 2026 - 18:48 nvd

Patch available

CVE Published

Feb 13, 2026 - 19:17 nvd

HIGH 8.1

Description

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0rc4 and 1.4.3rc2, a malformed WriteProperty request can trigger a length underflow in the BACnet stack, leading to an out‑of‑bounds read and a crash (DoS). The issue is in wp.c within wp_decode_service_request. When decoding the optional priority context tag, the code passes apdu_len - apdu_size to bacnet_unsigned_context_decode without validating that apdu_size <= apdu_len. If a truncated APDU reaches this path, apdu_len - apdu_size underflows, resulting in a large size being used for decoding and an out‑of‑bounds read. This vulnerability is fixed in 1.5.0rc4 and 1.4.3rc2.

Analysis

Unauthenticated remote attackers can crash BACnet Stack prior to versions 1.5.0rc4 and 1.4.3rc2 by sending a malformed WriteProperty request that triggers an integer underflow during APDU decoding, resulting in an out-of-bounds memory read. Public exploit code exists for this vulnerability. …

Remediation

Within 24 hours: identify all systems and devices running affected BACnet Stack versions and assess their operational criticality. Within 7 days: apply available patches to non-production systems and validate functionality before production deployment. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +40

POC: +20

CVE-2026-26264 vulnerability details – vuln.today

Back

CVE-2026-26264

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-26264

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code