Johnson Controls has reported a vulnerability in the OpenBlue Mobile Web Application for OpenBlue Workplace — tracked as CVE‑2025‑26381 — that allows direct request (commonly called “forced browsing”) exploitation leading to unauthorized access to sensitive information; Johnson Controls...
