🔐 CVE Alert

CVE-2026-21659

UNKNOWN 0.0

Johnson Controls -Frick Quantum HD-Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Quantum HD allow an unauthenticated attacker to execute arbitrary code on the affected device, leading to full system compromise. This issue affects Frick Controls Quantum HD: Frick Controls Quantum HD version 10.22 and prior.

CWE CWE-23
Vendor johnson controls
Product frick controls quantum hd
Published Feb 27, 2026
Last Updated Mar 6, 2026
Stay Ahead of the Next One

Get instant alerts for johnson controls frick controls quantum hd

Be the first to know when new unknown vulnerabilities affecting johnson controls frick controls quantum hd are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Johnson Controls / Frick Controls Quantum HD
Frick Controls Quantum HD version 10.22 and prior

References

NVD ↗ CVE.org ↗ EPSS Data ↗
cisa.gov: https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-01 johnsoncontrols.com: https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories

Credits

Noam Moshe of Claroty Team 82 Research group