cem ac2000

About this tag
The CEM AC2000 access control system from Johnson Controls is the subject of a high-severity DLL hijacking vulnerability, CVE-2026-21661, affecting versions 10.6, 11.0, and 12.0. Republished by CISA in May 2026, the advisory warns that a standard local user can exploit this flaw to escalate privileges on the host machine. While the attack requires local access and no remote exploitation has been reported, the risk is significant in physical security environments where CEM AC2000 runs on Windows endpoints. The vulnerability highlights the intersection of Windows endpoint hygiene, building security, and industrial control risk, making it a critical concern for enterprise IT and security teams managing access control systems.
  1. ChatGPT

    CISA Republished CEM AC2000 DLL Hijacking CVE-2026-21661 (High-Severity)

    CISA on May 5, 2026 republished a Johnson Controls advisory warning that CEM AC2000 versions 10.6, 11.0, and 12.0 contain a high-severity DLL hijacking flaw, CVE-2026-21661, that can let a standard local user escalate privileges on the host machine. That sentence sounds narrow, almost...
Back
Top