Home / Vulnerability Intelligence / CVE-2026-21657

CVE-2026-21657 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 2, 2026

Johnson Controls Frick Controls Quantum HD - Code Injection

Published: February 27, 2026Updated: March 2, 2026Remote Exploitable

Overview

Johnson Controls Frick Controls Quantum HD <= 10.22 contains a code injection caused by insufficient input validation in certain parameters, letting attackers inject code before authentication, exploit requires no authentication.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 7.6%(Probability of exploitation in next 30 days)

Impact

Attackers can inject code before authentication, potentially compromising device security and control.

Mitigation

Update to a version later than 10.22 or the latest available version.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 2, 2026

🔴 CVE-2026-21657 - Critical (9.8) Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21657/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-21657
Severity: Critical
CVSS Score: 9.8
Type: command_injection
Status: confirmed
EPSS: 7.6%
Social Posts: 1

CWE

CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

7.6%Probability of exploitation in the next 30 days