Home / Vulnerability Intelligence / CVE-2026-21658

CVE-2026-21658 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 2, 2026

Johnson Controls Frick Controls Quantum HD - Remote Code Execution

Published: February 27, 2026Updated: March 2, 2026Remote Exploitable

Overview

Johnson Controls Frick Controls Quantum HD <= 10.22 contains a code injection vulnerability caused by improper control of code generation, letting unauthenticated attackers execute arbitrary code remotely, exploit requires no authentication.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 20.6%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can execute arbitrary code remotely, potentially leading to full system compromise.

Mitigation

Update to a version later than 10.22 or the latest available version.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 2, 2026

🔴 CVE-2026-21658 - Critical (9.8) Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permi... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21658/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-21658
Severity: Critical
CVSS Score: 9.8
Type: command_injection
Status: confirmed
EPSS: 20.6%
Social Posts: 1

CWE

CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

20.6%Probability of exploitation in the next 30 days