Home / Vulnerability Intelligence / CVE-2026-21659

CVE-2026-21659 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 2, 2026

Johnson Controls Frick Controls Quantum HD - Remote Code Execution & Information Disclosure

Published: February 27, 2026Updated: March 2, 2026Remote Exploitable

Overview

Johnson Controls Frick Controls Quantum HD <= 10.22 contains a local file inclusion vulnerability allowing unauthenticated attackers to execute arbitrary code, leading to full system compromise.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 21.5%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can execute arbitrary code, leading to full system compromise.

Mitigation

Update to a version later than 10.22 or the latest available version.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 2, 2026

🔴 CVE-2026-21659 - Critical (9.8) Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Quantum HD allow an unauthenticated attacker to execute arbitrary code on the affected device, lea... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21659/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-21659
Severity: Critical
CVSS Score: 9.8
Type: local_file_inclusion
Status: confirmed
EPSS: 21.5%
Social Posts: 1

CWE

CWE-23
CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

21.5%Probability of exploitation in the next 30 days