HIGH
JohnsonControls
CVE published 2026-05-05
CVE-2026-21661
CVE-2026-21661 is a publicly disclosed DLL hijacking vulnerability in Johnson Controls CEM AC2000. According to CISA’s advisory, a local attacker could use the issue to escalate standard user privileges on the host machine. The supplied CVSS vector and score place this at 8.7 (HIGH), reflecting a local attack with no user interaction and high impact to confidentiality and integrity.