A vulnerability classified as problematic was found in bacnet_stack 1.3.1 . The affected element is the function bacnet_tag_number_decode . Such manipulation leads to out-of-bounds read. This vulnerability is documented as CVE-2026-38570 . The attack requires being on the local network. There is not any exploit available.